Tuesday, June 28, 2016

How to change boot animation in Windows 7 part 2


joakim

He he, we were talking of different things. The info that you point to is only about bootmgr and how to deactivate the checksum and signature verification in bootmgr. Yes, it will let you use a "cracked" bootmgr without any special settings in the BCD (for the boot manager as specified in {bootmgr}), but it has no effect on the entry that boots your OS (like for instance {default}). I know this because I was the one that posted this piece of information.

But for usage without testsigning on {default}, you must patch winload.exe and ntoskrnl.exe (at least on 64-bit). This is referred to as patchguard and is not so easy to deactivate. I tried it by following the link posted earlier but gave up without putting too much effort into it. Only the disassembly of ntoskrnl.exe in IDA took like 30 minutes to finish, but the offsets did not match the description (however the patch for winload.exe was ok). Either way, this is how you must do it to circumvent testsigning (at least on 64-bit), and the patch will most likely not work with the next service pack anyway. Consider this a major security violation, something MS would put big efforts into preventing..

But things may be slightly different on 32-bit..

Joakim



marcusj0015

and why couldn't we just avoid the patch that messes it up

or just use the RTM Bootres.dll and Bootmgr and Winload.exe?

AlexYM

Quote: Originally Posted by marcusj0015
and why couldn't we just avoid the patch that messes it up

or just use the RTM Bootres.dll and Bootmgr and Winload.exe?
Sure, you can leave all RTM files alone as they are, rename patched versions somehow, and edit entries in bcd to point to these names rather than to default (winload and ntoskrnl), edit bootsector to call another file than bootmgr, edit winload to call another name than bootres.dll... a whole lot more complicated way would be to make an app that'd make all tricks in memory, like Stardock's Bootskin did in XP.

joakim

Making a bootkit to solve the issue is sure a possible option as well. I know for sure that I'm not capable of such.. Any volunteers? Ha ha talking of overkill.

Joakim

thaimin

Hey all,

I know I have been absent for a bit now, but I have done some work on the program.

I have fixed numerous issues with the program, and started building the back-end that actually does the work. I have bootres.dll modification working in the new program (works for 32 and 64-bit) (I made a bunch of internal architecture changes so it wasn't just copy-and-paste). I have winload.exe modifications partially working for almost everything (32-bit only). Most of the remaining work will be with bootmgr (which is the same for 32-bit and 64-bit).

@marcusj
the tooltip issue you mention is apparently a bug with the built-in Windows tooltips. It seems to happen if the tooltip first shows while being changed rapidly. At that point it gets stuck. In the first alpha I may not have a solution, but in a future version I will probably do something like whenever the mouse leaves a certain area then to just completely kill the tooltip (it will re-make itself on its own later).

@marcusj
I have already investigated the special hidden partition and I believe that it is a WinRE partition. It stores the actual backup files for use by WinRE, along with some WinRE booting stuff. I know there is the WinRE.wim but I believe these are used as redundant systems.

@marcusj
EFI is in the plans for one of the betas. It should just be finding the strings to replace. Here is the planned release schedule:
  • Alpha 9: end of this week, support for 32-bit without testsigning and most modifications available
  • Alpha 10 and beyond: the following week, fixing major issues with Alpha 9 and adding 64-bit support
  • 0.1 beta: the week after, most problems fixed and a few more modifications available, positive that 32-bit and 64-bit work the vast majority of the time, and add command-line support
  • 0.2 beta through 1.0: adding more features as needed, bug fixes, and adding EFI support

@joakim
You bring up a very serious issue. I have not tested this, but I thought all I would need was:
80 7D 0B 00 74 04 33 F6 EB 03 6A 30 5E > 80 7D 0B 00 74 04 33 F6 EB 03 6A 00 5E
within bootmgr.exe. I probably should test it... My theory rests on a few points:
  • winload.exe apparently does not check itself since it works after being modified and only having testsigning enabled for {bootmgr} and not {default}
  • the above code turns off code verification for most files loaded by bootmgr.exe, the same thing that turning testsigning on does
  • the winload.exe passes off execution to the ntoskrnl kernel (they are both technically kernels), they don't really ever co-exist (you can see this by debugging the boot up process), and patch-guarding is a feature of the ntoskrnl kernel to keep it (the ntoskrnl kernel and kernel-space memory) from being modified, so patch-guarding should be irrelevant
So I thought that the modification you listed for bootmgr would prevent checking of bootmgr.exe, the above trick should prevent checking of winload.exe, and the other (actually tested) modifications prevent checking of bootres.dll, bootresdl.dll.mui, and winload.exe.mui. All of these are boot files that are never checked while the real kernel is active.

marcusj0015

awesome Thaimin, thanks for the updates

@AlexYM & @Joakim

I wasn't saying modify it to use different files

i was saying replace the updated files with the RTM files!

joakim

Just a little note on debugging bootmgr. The patch I posted earlier that fixes the signature check, does not work when debugging. It will be more clean to patch 2 nop's (9090) to 0x00421ec5 instead. Otherwise you will have to overwrite the ebx register with the value you have in eax (like: r ebx=1) while debugging.

Still struggling...

Joakim

marcusj0015

thats good Joakim

im sorry guys i dont have anything to add i dont know how to reverse engineer anything or how to program

sorry

joakim

Don't worry. I'm just in third class and scheduled to graduate in RE in about 48 years...

marcusj0015

lol

48 years

thats sad

Cooperdale

Hello, I'm new here. I've been following this thread for a while because, although I can't code for my life, I have this tormenting idea to use the floating logo from the Lost tv series as my bootskin. Man how I'd love to get that!



marcusj0015

well once Thaimin gets done with his program you will be able to

Thaimin,

hows it goin

if you need help with anything ill try to help

gotta keep the Programmers happy!

silvermoonstar3

I have been using the program from Coder for Life - Projects - Windows 7 Boot Updater (which I believe is Thaimin's program) and I had some issues at first, but I just got it working. I downloaded the gray version of the images there too. I'm running Windows 7 Ultimate 32 bit, and I had tried it with the image and text because I was hoping it would work even though I read somewhere that it didn't and the program let me do it, but system restore kicked it and undid everything. Next, I tried without the text and ended up with NO windows logo and with the ugly Vista loading bar. Finally, I tried (from there, I didn't bother to recover or anything) with the last box checked off and it kind of worked (I had used the folder that had a bunch of images rather than the 1 with the 1 long image). It was just zoomed in too much and looked bad. I redid it with the 1 long image and it worked perfectly! I just made an account to say that you guys are really awesome!

joakim

Does anybody know where in bootmgr we can disable the checksum verification of winload.exe? I'm a little stuck, but know roughly where it is.... (debugging bootmgr is fun, but a very time consuming process).

Joakim

marcusj0015

thats awesome!

I'm not sure how you got it to work though because it doesn't work as far as I know

but im sure Thaimin will be really happy!

thaimin

I would like to correct marcusj0015. The currently posted program DOES work (as long as you are okay with testsigning). In addition to the testsigning enabled by the program (for {default}) you must also run:
Code:
bcdedit /set {bootmgr} testsigning on

thaimin

Update on my progress.

I have been quite busy so I haven't had much time to test and work out problems, however, I have the basic code down that should make all the necessary changes, however now I just need to fix the bugs causing the boot up to completely fail (and I mean really fail, it has a black screen and never gets further, doesn't even want to repair).

So I will try to find out why the program is completely failing, I am more sure that my hack for bootmgr.exe will not work, so joakim please keep looking! For now I will continue testing without modifying bootmgr and get my program updating everything else good. After that, I will start to delve into the bootmgr more.

I have made a number of improvements to the GUI, and decided to upload a new version of it (with the Apply button disabled since it is definitely not working at the moment). Some of the major changes:
  • Shaved off 40% of the size (this is as small as its going to get since it has a 1.21 MB PNG for the default animation)
  • Fullscreen animation improvements
  • The slider now tells you where the loop portion is
  • The advanced window is fully functional
  • Changed some text (like Font Size)
  • Lots of little ease-of-use things, like many fields/buttons can be jumped to with ALT+?, double clicking preview brings up fullscreen, and dragging a file onto the preview loads a boot skin.
I have also found, but not tested, all of the 64-bit hacks.

Link to the GUI: http://www.coderforlife.com/projects/win7boot/GUI.exe

thaimin

Now for the technical message, sorry for breaking this into 3 messages, but I thought it would be clearer.

The text color for the second message is a tricky beast. It is set using the following assembly:

or, ebx + 1C, FFFFFFFF

Basically, ORing a never set long value (which could be anything) with FFFFFFFF which sets all four bytes to FF. This is un-cool because it only takes 4 bytes to write this in machine code: 83, 4B, 1C, FF (the FF is automatically repeated 4 times...). All of the other values I am setting look like:

assembly: mov, XX XX, ########
machine code: C7 XX XX [## ## ## ##]

where XX XX is the offset and then ## ## ## ## is the data. That is 7 bytes, easy to change the data. Anywho, I can't really think of how to get a complete color (3 bytes) into the ebx+1C variable... Possibly a mov relative to the current position (EIB / RIB) that uses a byte for offset (so up to 256). However I don't know enough about assembly to construct such a statement.

Joakim, what are your thoughts on this?

joakim

Don't know what you meant about "so joakim please keep looking". I've really been looking at other non-related stuff in bootmgr (like the chosen index number in a wim..). What is the address of the code for the text colour for the second message? I'm not sure I will be of much help, but it doesn't hurt to have a look at it.

Hopefully I get the time during this weekend to check out the updated version of your tool.

thaimin

Oh, sorry, well then I will get around to it :-).

The text color is at line number 004439A5 (as given by IDA, which is the VA, so you need to subtract 00410000 and add the offset to .text). This is in version 6.1.7600.16411. It's in function BgpTxtCreateRegion.

Do you have Hex-rays with IDA? Cause you can much easier go through bootmgr.exe with that... Also, which version of bootmgr.exe are you looking at? The pxe one? The Windows 7 one? By the way I found a bug with my bmzip program that prevented it from decompressing the Vista bootmgr.exe.

marcusj0015

sorry Thaimin,

i didnt mean to state wrong info,

it didnt work for me



joakim

Two words:

Apple logo



Just to mess with people

thaimin

Quote: Originally Posted by thaimin
The text color is at line number 004439A5 (as given by IDA, which is the VA, so you need to subtract 00410000 and add the offset to .text). This is in version 6.1.7600.16411. It's in function BgpTxtCreateRegion.
Is this SP1 32/64?

Quote: Originally Posted by thaimin
Do you have Hex-rays with IDA? Cause you can much easier go through bootmgr.exe with that... Also, which version of bootmgr.exe are you looking at? The pxe one? The Windows 7 one? By the way I found a bug with my bmzip program that prevented it from decompressing the Vista bootmgr.exe.
Hmm, we already have concluded that there doesn't exist any pxe version. Just 1 compressed and 1 uncompressed, essentially the same. It is win7 sp0 version. I will not bother with any bootmgr before win7, as any bootmgr can boot any winload.exe (except longhorn bootmgr and x64 win7 winload.exe). Btw, vista's bootmgr was not compressed I think, at least not sp0. For me it is faster to just recompile uncompressed bootmgr.exe with modified stub so you don't have to compress again before testing (saves you 1 step).

thaimin

@marcusj, okay so I have some reports that it is definitely working, and other reports that it isn't (with the old version), must be some minute setup difference...

@Benjamin awesome idea, you should start working on a bootskin using the GUI application

@joakim:
I dunno, whatever marcusj gave me for 32-bit files, which I think is SP1.
Right, no pxe version. The alternate stub thing works. The bootmgr.exe in my Vista 32-bit SP2 is compressed which is how I found this bug.

joakim

I would like to update everyone on my progress.

I have successfully made a program that can do all the previously mentioned updates in winload.exe et al. It still requires testsigning to be on for bootmgr and winload.exe to be signed. I have tried my original bootmgr.exe hack and it failed. I will try the new hack later.

@joakim: you posted a new bootmgr hack to allow bootmgr.exe to be unsigned that I didn't understand. Also, I would like it to be for the original Windows 7 bootmgr (not the special one you have).

Also, I have increased the accuracy of the preview (the preview still has slightly shifted text and the background color may not be quite perfect compared to the real boot up).

Hopefully I will find this bootmgr / bootmgr.exe fix soon... then I will upload a real new version.

marcusj0015

Quote: Originally Posted by thaimin
@joakim: you posted a new bootmgr hack to allow bootmgr.exe to be unsigned that I didn't understand. Also, I would like it to be for the original Windows 7 bootmgr (not the special one you have).
The offsets (VA) are still the same so it should work. Which hack by the way? (I used original win7 rtm).

I had a look at the 004439A5 issue late last night, but could not come up with anything. I just realized that since we don't have enough space for the required code at 004439A5, we must write the code somewhere else where space exists. I did not have time to test this, but I found an empty chunk of space (00's) at 00467200. We could try to write the code there (and close it with a ret instruction), and make a call to that location at around 004439A5.

Realistically I will not have time to test it for a few days, but maybe you will..

Joakim

thaimin

Thaimin,

the files i uploaded for you were NOT SP1

they were SP0 the only difference is that one file had been updated through Windows update from RTM to after RTM BEFORE SP1

basically it was an update but definitely not SP1

marcusj0015

@joakim, so I am currently using your 'original' bootmgr hack:
74 16 57 68 F8 96 46 00 > 75 16 57 68 F8 96 46 00
but you recently stated that when debugging that causes problems and gave some other fix which I didn't understand.
Also, the text color is not all that important at the moment. I plan to go through 'additional' modification testing after I get a completely working version. I plan to look at text justification, making copyright text longer, and startup text color.

@marcusj0015
Sorry for misunderstanding. Truth is now I have tested with a pure un-updated winload.exe 32-bit and it works great, and also for the Windows-Updated one you gave me. Have not tested SP1 versions...

@all
It was brought to my attention that resuming from hibernation uses a similar animation except that the text is "Resuming Windows" instead of "Starting Windows". Additionally, my program does not seem to change the animation at all, it uses the original Windows Logo! So apparently the animation is stored in multiple places... Maybe WinRE or the hidden partition is used for resuming?

thaimin

Thaimin,

are you sure that resuming windows doesn't call the same bootres.dll? because the string Resuming Windows IS held in resume.exe

so it could require just the string being patched

Guest

I got a clarification. If using the current program resuming reverts to a lame white progress bar on black background (like when WinRE is booting up). Thus, resume.exe needs some hacks to get it to continue using the modified bootres.dll, but it does use the same bootres.dll. I will work on that after I get it working with winload.exe.

joakim

Just confirming that theory works. I managed to change the startup text color to light green.

old code
Code:
offset          machine code    assembler
.text:0044399C  832100          and     dword ptr [ecx], 0
.text:0044399F  834B1CFF        or      dword ptr [ebx+1Ch], 0FFFFFFFFh
new code
Code:
offset          machine code    assembler
.text:0044399C  E85F380200      call    sub_467200
.text:004439A1  90              nop
.text:004439A2  90              nop
old code
Code:
offset           machine code     assembler
.rdata:00467200  00               db    0
.rdata:00467201  00               db    0
.rdata:00467202  00               db    0
.rdata:00467203  00               db    0
.rdata:00467204  00               db    0
.rdata:00467205  00               db    0
.rdata:00467206  00               db    0
.rdata:00467207  00               db    0
.rdata:00467208  00               db    0
.rdata:00467209  00               db    0
.rdata:0046720A  00               db    0
.rdata:0046720B  00               db    0
.rdata:0046720C  00               db    0
new code
Code:
offset           machine code         assembler
.rdata:00467200  832100               and     dword ptr [ecx], 0
.rdata:00467203  C7431C00FF00FF       mov     dword ptr [ebx+1Ch], 0FF00FF00h
.rdata:0046720A  C20400               retn    4
So the actual color codes are stored at va 00467206 or offset 0x64A06. I'm sure thaimin has something useful to add about these color codes.

About your concerns regarding the bootmgr patch. Here's what I change;

old code
Code:
offset          machine code  assembler
.text:00421EC5  7416          jz      short loc_421EDD
new code
Code:
offset          machine code  assembler
.text:00421EC5  90            nop
.text:00421EC6  90            nop
This is to disable the signature verification of the embedded bootmgr.exe (itself). This patch will also let you run modified bootmgr(.exe) in debug mode.

Joakim



thaimin

@joakim

First color stuff: First, isn't .rdata not allowed to be executed as code? How can you call a function in it? Wouldn't it be better to put it at the end of .text? According to the header information, .text has 48 bytes extra on disk (difference of Raw Size and Virtual Size) which is enough for your trick (which requires 13). Additionally, the end of a section is easy to find and I know I won't be destroying any important data.
But otherwise, that is awesome! I will try a version of it in a bit.

The value "7416" doesn't show up in the standard Windows 7 bootmgr until you are already in bootmgr.exe (so it isn't in the stub). Since the previous hack started with the same thing, I had to double check, and my program was silently failing to update the bootmgr stub. Oops! So apparently that hack only works for PXE bootmgr stub. Maybe if I can find the equivalent thing to change in the standard Windows 7 one then one of the tricks I found for bootmgr.exe will possibly work. I know I properly make that change (but I am unable to test it...).

joakim

What do you mean by not finding 7416? You are supposed to find 7403 at 0x105e in bootmgr (to disable checksum verification of bootmgr.exe). This is in the stub.

Now, to disable the signature verification we must patch bootmgr.exe. One way is the patch I've posted concerning 00421ec5.

Another way to disable signature verification, that I just discovered, is to make a far jmp inside the function BlImgVerifySignedPeImageFileContents, and effectively walking past every hash calculation;

old code
Code:
.text:00421063                 mov     ebx, eax
.text:00421065                 test    ebx, ebx
.text:00421067                 jnz     short loc_421073
new code
Code:
.text:00421063                 mov     ebx, eax
.text:00421065                 jmp     loc_421172
Lastly, the reason why I chose a place with such a big code cave to put the stuff, was in case we wanted to put more new code somewhere. Then it would not be spread all over, and easier to manage. So don't worry about it being in the .rdata section as long as it works (I've verified green text)..

Btw, did you manage to draw the animation with bigger size? If so, where and what did you do?

Joakim

thaimin

Okay, I thought all your fixes you were mentioning before were for bootmgr stub! This clears up a lot.

The bootmgr stub change is unnecessary since the checksum is updated, right?

I have integrated your ideas about changing startup message color and that led to me making it so the copyright text could be any length. Inspection of the files looks good and I will be testing in a VM in a bit.

I hope one of your 3 bootmgr.exe self-verify hacks plus one of my 2 bootmgr.exe winload.exe-verify hacks works (now that I will be properly applying the self-verify checks).

The animation size, frame rate, position, etc is all done by NTOSKRNL which I am not going to be editing, so it won't happen, although maybe possible, but that is too much for me.

joakim

Yes you are right that the stub hack is only necessary when the embedded bootmgr.exe has a bad checksum.

And it is sufficient to implement only 1 of the 2 signature hacks (I just wanted to mention a second way).

I hope you find a way to disable the checksum verification of winload.exe..

So I will not bother with NTOSKRNL, at least not on x64.

Joakim

thaimin

Quote: Originally Posted by joakim
Yes you are right that the stub hack is only necessary when the embedded bootmgr.exe has a bad checksum.
Awesome!

Quote: Originally Posted by joakim
And it is sufficient to implement only 1 of the 2 signature hacks (I just wanted to mention a second way).
That's what I meant.

Quote: Originally Posted by joakim
I hope you find a way to disable the checksum verification of winload.exe..
Have you tried either of the hacks I have posted? I believe at least one should allow you to use an unsigned winload.exe.


I tested my program with the new color code and longer copyright text. The longer copyright text worked, but the color failed. Right when it was about to draw the text it just hung. My guess is I did something wrong, I will inspect further to see if I can get it to work.

joakim

Quote: Originally Posted by thaimin
Have you tried either of the hacks I have posted? I believe at least one should allow you to use an unsigned winload.exe.
No unfortunately not. Was that a bootmgr patch? Could you be kind and repost it with the relevant offsets?

thaimin

I don't know the offsets, but they are unique in bootmgr.exe:


Code:
80 7D 0B 00 74 04 33 F6 EB 03 6A 30 5E        80 7D 0B 00 74 04 33 F6 EB 03 6A 00 5E
89 55 B4 83 65 B4 10                          89 55 B4 83 65 B4 00
You only need one of them.
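
A defender's use of the byte sequences posted in this thread, as an added example (not code from any poster or from the Windows 7 Boot Updater project): the scanner below searches a decompressed bootmgr.exe image for the original and patched forms quoted above and reports which form is present. The signature labels, function names and the sample image are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PatchSignature:
    label: str       # hypothetical label, not a name used in the thread
    original: bytes  # bytes as shipped, per the posts
    patched: bytes   # bytes after the posted modification


# Hex strings copied from the posts in this thread (original, patched).
SIGNATURES = (
    PatchSignature("push-30-to-00",
                   bytes.fromhex("80 7D 0B 00 74 04 33 F6 EB 03 6A 30 5E"),
                   bytes.fromhex("80 7D 0B 00 74 04 33 F6 EB 03 6A 00 5E")),
    PatchSignature("and-10-to-00",
                   bytes.fromhex("89 55 B4 83 65 B4 10"),
                   bytes.fromhex("89 55 B4 83 65 B4 00")),
    PatchSignature("jz-to-jnz",
                   bytes.fromhex("74 16 57 68 F8 96 46 00"),
                   bytes.fromhex("75 16 57 68 F8 96 46 00")),
)


@dataclass
class Finding:
    state: str                               # "patched", "original" or "absent"
    original_offsets: list = field(default_factory=list)
    patched_offsets: list = field(default_factory=list)


def find_all(data: bytes, needle: bytes) -> list:
    """Return every file offset at which needle occurs (overlaps included)."""
    offsets = []
    pos = data.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(needle, pos + 1)
    return offsets


def scan_image(data: bytes) -> dict:
    """Classify each known sequence in a decompressed bootmgr.exe image.

    The bootmgr file on disk can hold a compressed bootmgr.exe behind a stub
    (as discussed in the thread), so scan the decompressed image. The shorter
    sequences can match by coincidence: treat a "patched" hit as a reason to
    verify the file's signature, not as proof on its own.
    """
    results = {}
    for sig in SIGNATURES:
        orig = find_all(data, sig.original)
        patched = find_all(data, sig.patched)
        if patched:
            state = "patched"
        elif orig:
            state = "original"
        else:
            state = "absent"  # different build, or modified in another way
        results[sig.label] = Finding(state, orig, patched)
    return results


def is_tampered(data: bytes) -> bool:
    """True if any of the posted patched sequences is present."""
    return any(f.state == "patched" for f in scan_image(data).values())


def build_sample(patched_labels=()) -> bytes:
    """Constructed test image: padding around each sequence, not a real binary."""
    image = b""
    for sig in SIGNATURES:
        body = sig.patched if sig.label in patched_labels else sig.original
        image += b"\x90" * 16 + body + b"\xCC" * 16
    return image


if __name__ == "__main__":
    for name, blob in (("clean sample", build_sample()),
                       ("modified sample", build_sample({"jz-to-jnz"}))):
        print(name, "tampered:", is_tampered(blob))
        for label, finding in scan_image(blob).items():
            print("  ", label, finding.state,
                  [hex(o) for o in finding.patched_offsets or finding.original_offsets])
```
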

razooi12

tnx for this post...nice tutorial...


______________________
best registry cleaner

joakim

Nothing new, just found yet another way to disable signature check in bootmgr. Overwrite with 6 nop's (909090909090) at this location;

Code:
.text:00401237                 jl      loc_40142A
zzzzzzzzzzzzzzzzz (works while not debugging).

Joakim

WindowsStar

Quote: Originally Posted by razooi12
tnx for this post...nice tutorial...


______________________
best registry cleaner
^^^ Worst Web Site ^^^



razooi12

Quote: Originally Posted by WindowsStar
Quote: Originally Posted by razooi12
tnx for this post...nice tutorial...


______________________
best registry cleaner
^^^ Worst Web Site ^^^
can you help me on how to fix the bug on my windows 7 ultimate OS?

WindowsStar

Quote: Originally Posted by razooi12
Quote: Originally Posted by WindowsStar
Quote: Originally Posted by razooi12
tnx for this post...nice tutorial...


______________________
best registry cleaner
^^^ Worst Web Site ^^^
can you help me on how to fix the bug on my windows 7 ultimate OS?
Point me to the link to the thread and I will have a look.

marcusj0015

sorry for being gone guys

my laptop fell and the hdd is ****ed so im in ****ing ubuntu running in the dvd drive right now so i can check the internet

AlexYM

Glad to report here some findings about boot animation parameters' locations:
for ntoskrnl.exe x86 version 6.1.7600.20700 (win7_ldr.100423-1625):
offset 2fc898h -frame's width and height c8000000h (200),
2fc8a8h -frame's x-position 9c010000h (412),
further not tested yet but kind of apparent:
2fc8afh -frame's y-position 1c010000h (284),
2fc8bbh -framerate 0f000000h (15),
2fc8c2h -total number of frames 69000000h (105),
2fc8c9h -number of first unlooping frames 3c000000h (60).

Good luck with testings, and don't forget about testsigning!
And don't replace original kernel, just copy modded version under another name in system32 folder and use
bcdedit /set kernel moddedfilename
(or even better - make for it additional entry in bcd).

joakim

Very interesting information AlexYM. I'll check it out when I get the time. I don't have version 6.1.7600.20700, but I'll investigate the previous version before that one (I only run win 7 in virtual machines and don't bother updating very often).

Joakim

marcusj0015

Awesome AlexYM!!!!!!!!

hopefully we can bump up the FPS to at least 18

i think 18 would be best

but still amazing

and as soon as Windows 7 works again ill get back to working on this

AlexYM

Just looked in winsxs folder, can you imagine kernel was updated 9 times already after RTM !

So in RTM build 7600.16385 above mentioned offsets are:
2fa698
2fa6a8
2fa6af
2fa6bb
2fa6c2
2fa6c9

joakim

Just confirming that some of the stuff AlexYM posted works. Just made another stupid animation hack that is more annoying than elegant. Setting framerate to 78 (4e) and the number of first looping frames to 57 (39) will let you see the crystal balls start flying and when they are done (before they melt together) it will start over again. Really annoying to look at, especially when this repeats itself 19 times! When using IDA (with the symbols) you may want to look at the function ResFwpGetProgressIndicatorAnimation. In my x86 ntkrnlpa.exe version 6.1.7600.16385 the disassembly looks like this;

Code:
PAGEBGFX:00748C97                 mov     eax, 0C8h
PAGEBGFX:00748C9C                 lea     edi, [esi+0Ch]
PAGEBGFX:00748C9F                 mov     dword ptr [esi], 1
PAGEBGFX:00748CA5                 mov     dword ptr [esi+4], 19Ch
PAGEBGFX:00748CAC                 mov     dword ptr [esi+8], 11Ch
PAGEBGFX:00748CB3                 mov     [esi+10h], eax
PAGEBGFX:00748CB6                 mov     [edi], eax
PAGEBGFX:00748CB8                 mov     dword ptr [esi+18h], 0Fh
PAGEBGFX:00748CBF                 mov     dword ptr [esi+1Ch], 69h
PAGEBGFX:00748CC6                 mov     dword ptr [esi+24h], 3Ch
However, I was not able to increase frames width and height to 300 (got BSOD). Also got BSOD when increasing number of frames to 181, but a different BSOD code.

Anyone successfully increased the size and number of frames?

Joakim

joakim

Finally I found at least one way to load a custom animation/bootres.dll without testsigning. This method does not require bootres.dll to be signed with a bogus certificate at all. Checksum must still be correct though. Inside the function ImgpLoadPEImage inside winload.exe I changed a conditional jump (jge) to a jump short (jmps) instruction. For x86 version 6.1.7600.16385 it looks like this in IDA;
Code:
.text:00428EAB                 call    _ImgpValidateImageHash@24 ; ImgpValidateImageHash(x,x,x,x,x,x)
.text:00428EB0                 mov     [ebp+var_8], eax
.text:00428EB3                 test    eax, eax
.text:00428EB5                 jge     short loc_428EE5
At VA 00428EB5 I changed 7d2e -> eb2e. So far it was only tested in winpe, but really so early in the boot process there is no real distinction between a winpe and a real system, so it should also work in non-PE. The real distinction starts when the kernel loads the code integrity module, ci.dll (which it doesn't for winpe). I don't have time to verify on x64, maybe someone else can..??

Then I found something that could be the cause for the failed test on increased frame size and frame number. Inside winload.exe there's also the function ResFwpGetProgressIndicatorAnimation. Probably the changed values must match inside winload.exe and ntoskrnl.exe. In IDA it looks almost the same as for ntoskrnl.exe;
Code:
.text:00444B8A                 mov     ecx, 0C8h
.text:00444B8F                 mov     [eax+10h], ecx
.text:00444B92                 mov     [eax+0Ch], ecx
.text:00444B95                 xor     ecx, ecx
.text:00444B97                 mov     dword ptr [eax], 1
.text:00444B9D                 mov     dword ptr [eax+4], 19Ch
.text:00444BA4                 mov     dword ptr [eax+8], 11Ch
.text:00444BAB                 mov     dword ptr [eax+18h], 0Fh
.text:00444BB2                 mov     dword ptr [eax+1Ch], 69h
.text:00444BB9                 mov     dword ptr [eax+24h], 3Ch
Have not got time to test it. Someone else perhaps?

Joakim

thaimin

@joakim
I already have a solution to not require bootres.dll and winload.exe.mui to not be signed. It is similar to yours. I put it much earlier in this thread (like probably page 15).

As I said before, winload.exe loads and verifies bootres.dll (size and all) and ntoskrnl does the actual playing.

@AlexYM
Awesome discovery. Maybe eventually I will integrate those.

@marcusj
I don't believe increasing frame rate is at all good. An increase will mean more data to load and will require more processing. This will definitely slow down the boot up. At 15 fps you can get a fairly continuous animation as long as nothing moves too quickly.


Another thing I have thought of adding is a background image. I believe the functions exist in winload.exe to draw images, and so I would add a resource and a function and maybe be able to have a solid background image (instead of a color). If this route is taken, then no text modification is needed since any text can be drawn into the image. However, that is looking into the future.

At the moment, I am still looking for a bootmgr.exe hack to allow unsigned winload.exe. I put all my work on hold for awhile since I have been sick for the last week, however I will hopefully continue working this weekend.



marcusj0015

im sick too, bronchitis

and my harddrive failed so im in ubuntu right now running the live dvd

i should have a working computer by friday or saturday though

joakim

Quote: Originally Posted by thaimin
@joakim
I already have a solution to not require bootres.dll and winload.exe.mui to not be signed. It is similar to yours. I put it much earlier in this thread (like probably page 15).
Hmm, I'm fairly sure I tried it without luck, but must obviously have done something wrong then. I'll take a second look at it, hopefully a bit more awake...

Does anybody have a clue why the function ResFwpGetProgressIndicatorAnimation is also present in winload.exe?

thaimin

I have tested my method and it does work. At this moment I have tested everything in the GUI, and changing everything works. The ONLY thing that doesn't work is an unsigned winload.exe is not accepted.

Looking through winload.exe it looks like it has a bunch of functions that are NOT used, that may be one.

I also noticed that upon failing to get the new animation up and running (like bootres.dll not being signed) then it does a bunch of stuff to load the old-style Vista display. It calls the Vista display the "ProgressIndicatorAnimation" since it only animates a progress bar.

Hopefully my insight there may be useful.

joakim

@thaimin
Is that functionality (modded bootres.dll without testsigning) implemented in the currently available version of your tool? Or is it in the still-in-work version of GUI?

Joakim

joakim

I have no place to verify this, but I think I found the place in bootmgr.exe to disable signature check in winload.exe. Actually it is just the same hack as I just posted for winload.exe (to load unsigned bootres.dll). Inside the function ImgLoadPEImage the code is mostly the same as in winload.exe, so if we move to VA 0042179A we find this disassembly in IDA;
Code:
.text:0042179A                 call    _ImgpValidateImageHash@24 ; ImgpValidateImageHash(x,x,x,x,x,x)
.text:0042179F                 mov     [ebp+var_8], eax
.text:004217A2                 test    eax, eax
.text:004217A4                 jge     short loc_4217C8
This piece of code in bootmgr.exe is identical to the corresponding code found in winload.exe. I am therefore fairly sure that changing the jge instruction to a jmps should do the trick then. Change 7d22 -> eb22 at 0042174A.

@thaimin
I have no x64 machine to test this on at the moment. Maybe you (or someone else) could run a quick test and report back?

Joakim

thaimin

@joakim

The current version of the program does not have this tweak. It is in the upcoming version. If I cannot get a bootmgr.exe hack I will probably just release the program as-is.

Also, I have tried similar hacks in bootmgr.exe and they haven't worked. I am unsure why. One thing could be because ImgLoadPEImage in bootmgr.exe has an extra parameter that gets filled with the hash, so the hash may be rechecked later...

Pferd5

I read the whole thread and I'm very interested in all your work.
I don't think this will help, but I didn't want it to go unmentioned:

I know 2 tools which deal with signing: "unsign" from the MSFN board and a tool from ntcore.com which has to do with signatures (I don't know if it has anything in common with signing), "SignaturesExplorer". Maybe this can help in any way, but I don't think so.

joakim

Unfortunately it has nothing to do with the requirements for signatures in bootmgr, winload.exe or bootres.dll (or the underlying security issue present). But thanks for the suggestion.

Joakim

marcusj0015

Is there any way I can help Thaimin?

joakim

I just got to test on 64-bit and I think I found how to load unsigned winload.exe without testsigning on 64-bit. Actually nothing new. Just use the same patch as I posted earlier on page 21 (about the 2 nops that you mentioned not understanding (including myself)). That patch thus works for deactivation of signature check for both bootmgr.exe and winload.exe. Hopefully I did not miss anything obvious, as has happened before..

So we can now load unsigned bootmgr(.exe), winload.exe and bootres.dll, without testsigning or nointegritychecks configured. Did not check with ntoskrnl.exe yet.

Joakim



joakim

After some more digging, I'm getting a little tired of all this, but have found some more information to share.

Here is yet another way to disable signature check in bootmgr. Locate this;
Code:
.text:00421151                 call    _ImgpValidateImageHash@24
and change E8160B0000 -> b800000000, which will overwrite the call with a "mov eax, 0" instruction. It will just tell the caller that the hash in bootmgr.exe is fine.

To load winload.exe with bad checksum change this jz instruction to a jmps, 7418 -> eb18.
Code:
.text:004216A3                 jz      short loc_4216BD
For some strange reason, when booting winload.exe with bad checksum, winpe will revert to vista style, while a regular install will boot with fine animation (usually it's the other way around).

And to make the signature checker of winload.exe happy we can also patch like we did already for bootmgr's selfcheck;
Code:
.text:0042179A                 call    _ImgpValidateImageHash@24
changing E8CD040000 -> b800000000, which will overwrite the call with a "mov eax, 0" instruction. Again, we just return the message that hash in winload.exe is good.

And yet another way to load bootres.dll (and more) unsigned by patching winload.exe here;
Code:
.text:0042960B                 call    _BlBdDebuggerEnabled@0
By changing E889FDFDFF -> 909090b001, we effectively spoof debug mode, and thus disable any signature checking. The code now becomes 3 nops and a "mov al, 1" instruction.

This was verified on 32-bit binaries of version 6.1.7600.16385, but from tests done the last 2 days, this should also work similarly on 64-bit. I just haven't had the time to locate the corresponding addresses for x64 yet.

Now the function ImgpValidateImageHash inside bootmgr is not used anymore and can be filled by new stuff.

@thaimin
What function did you want to try and draw an image with in bootmgr?

Joakim

AlexYM

@thaimin
For some reason I can't decompress SP1 bootmgr with bmzip tool, neither Beta nor RC Escrow versions. Version 7601.17104 is here:
bootmgr7601.17104.zip

joakim

More checksum stuff. To completely disable all checksum verifications during bootup, we must patch winload.exe in 3 different places;

1. Change this to a jmps instruction by changing 7418 -> eb18;
Code:
.text:00428DC5                 jz      short loc_428DDF
2. Then replace this conditional jump with 6 nops by changing 0f8400010000 -> 909090909090;
Code:
.text:00428DE3                 jz      loc_428EE9
3. Lastly also replace this conditional jump with 6 nops by changing 0f871cfdffff -> 909090909090;
Code:
.text:00428DF6                 ja      loc_428B18
With this patch I was able to boot with bad checksum in bootres.dll, hal.dll, ci.dll, bootvid.dll and ntoskrnl.exe (and possibly more). Tested on 32-bit version 6.1.7600.16385.

@AlexYM
You can find the decompressed bootmgr on your dvd in "Windows\Boot\PXE\bootmgr.exe" inside the wim. They are identical.

Joakim

lastot069

I have been following this closely for some time now, and it sounds like it may actually happen soon. I thank everyone involved in this and am very glad this will be openly available for everyone's use. Customizing your computer is like decorating your room, it should be your right.

cvalbinda

Pretty amazing of you guys working on this program. Will follow closely on this thread for updates. and oh, just a suggestion a stick or two and a cup of coffee is 1 good way of unwinding. Good luck to all.

marcusj0015

Guys, is there anything I can do to help? Anything at all

I feel like a letdown even though I revived the original thread and got this project started. I feel responsible to help get it done

joakim

@marcusj0015
Do you want to create a few different test animations? I would like to test with kernel patches for animations of different size and length. For instance with higher resolution, like 250x250 and 300x300, and some with less/more frames, like 50 or 150. If you can do this, it will speed up my researching.

I don't care about how lame the actual animation is, I just need something to test with. And as you might have noticed, I am not very good with animations..

Joakim

marcusj0015

OK, I'll try

it might take a few days

joakim

Yet another way to solve the TESTSIGNING issue. We boot by configuring TESTSIGNING on in bcd. Now the interesting part is that we can patch the kernel so that when code integrity (ci.dll) is initialized, it will continue booting as if TESTSIGNING was not set in the bcd. I've verified this because the watermark was not put on the desktop, at the same time as TESTSIGNING was shown in the registry under the key SystemStartOptions. I really don't recommend messing with the kernel, so you might want to stick with the other working solutions already posted. For those that like testing this, here is the patch located in the function SepInitializeCodeIntegrity. Change both conditional jumps to a jump short instruction (jmps);
Code:
PAGE:00572D42                 call    _SepIsOptionPresent@8 ; SepIsOptionPresent(x,x)
PAGE:00572D47                 test    eax, eax
PAGE:00572D49                 jz      short loc_572D4D
Change 7402 -> eb02.

Code:
PAGE:00572D5A                 call    _SepIsOptionPresent@8 ; SepIsOptionPresent(x,x)
PAGE:00572D5F                 test    eax, eax
PAGE:00572D61                 mov     eax, ds:_KeLoaderBlock
PAGE:00572D66                 jz      short loc_572D6B
Change 7403 -> eb03.

This way the kernel will always continue booting the system without testsigning, regardless of what you put in the bcd. The nice thing is you can have testsigning for the first part of the boot process, and choose to finalize the booting without testsigning. When testing kernels it could be a good thing to specify your custom kernel in the bcd with the kernel parameter (like "KERNEL mykernel.exe").

Now TESTSIGNING gets deactivated after the animation is played.

Joakim

AlexYM

Quote: Originally Posted by joakim

This way the kernel will always continue booting the system without testsigning, regardless of what you put in the bcd. The nice thing is you can have testsigning for the first part of the boot process, and choose to finalize the booting without testsigning. When testing kernels it could be a good thing to specify your custom kernel in the bcd with the kernel parameter (like "KERNEL mykernel.exe").

Now TESTSIGNING gets deactivated after the animation is played.

Joakim
The same effect can be reached just by changing TESTSIGNING in ntoskrnl.exe to another word. In this case kernel won't recognize and load further the option of testsigning, applied to it by winload from bcd, cause it will seek for another name of this parameter. If for some reason you'll still want kernel to apply testsigning regime, in this case we can use command:
bcdedit /set loadoptions changedname (where changedname is what we wrote in ntoskrnl.exe instead of TESTSIGNING).

Found how to change cursor's default white color in boot menu by editing BOOTMGR.XSL resource of bootmgr.exe.mui:
in section <xsl:template match="osboot-list-tools">
to make it, for example, green:
add inverse-color="XGXIXGXX" after <body background-color="XXXX" foreground-color="RGBX" . This will also change title's and footer's color, because in this template they're not set separately by default, therefore to change them independently, you need to add color=... parameter after <title and <footer .



thaimin

First, I have been very absent again, my life is getting very busy and I have lost nearly all free time. But I hope to use Joakim's results and get this last major issue in the program solved and published.


@AlexYM 1
The decompression program works with the file you posted. Note: the decompression program is VERY simple and made for testing. You have to extract the compressed data chunk yourself first. To find it search for "MZ" in the file using a hex editor. You have to extract 3 bytes before the second MZ to the end of the file, then run that extracted data through the decompressor. In my full program I have added lots of code to search for the compressed chunk, decompress it, edit it, recompress it, and replace the original data.


@Joakim 1
We know that it exists there. I am personally trying to make my program use what the user has as much as possible, with little edits. He is also talking about the beta, do we know it is the same situation for the beta? I examined it and the decompressed bootmgr.exe has changed.


@Joakim 2
I planned to add the image drawing where the current copyright-startup message drawing takes place.

in winload.exe : _OslpMain:
Code:
; graphics_pack is a struct with data about the Vista-style load screen
; The first element is a pointer to the raw BMP file data
; It is NULL when we successfully have loaded the Windows 7 animation
.text:004013E4                 mov     eax, graphics_pack
.text:004013E9                 mov     ecx, [eax]
.text:004013EB                 test    ecx, ecx
.text:004013ED                 jz      short loc_4013FD
; Position 8 of the structure is the x,y to draw at (2 DWORDS)
.text:004013EF                 add     eax, 8
.text:004013F2                 push    eax ; x,y coords
.text:004013F3                 push    ecx ; pointer to the BMP file data
; Draw the BMP file at the specified x,y position
.text:004013F4                 call    _BgpGxDrawBitmapImage@12
.text:004013F9                 test    eax, eax
.text:004013FB                 jl      short loc_401416
; This draws the copyright and starting message
; It only runs IF there is no BMP to draw or the BMP was successfully drawn
.text:004013FD loc_4013FD:
.text:004013FD                 call    _BgpDrawCopyright@0
.text:00401402                 test    eax, eax
.text:00401404                 jl      short loc_401416
.text:00401406                 mov     eax, 2338h
.text:0040140B                 call    _BlResourceFindMessage@4
.text:00401410                 push    eax
.text:00401411                 call    _BgDisplayString@4
So my plan was to hijack that already in-place function call to draw BMPs. We have 15 bytes to push a pointer to a custom BMP file and x, y coordinates (easy just to do 0, 0 with a fullscreen BMP). We easily could call a function that loads the BMP file into memory beforehand or right there. We don't even need to do any parsing of the BMP! It is all handled by _BgpGxDrawBitmapImage. It would be nice to add the BMP as a resource of winload.exe or bootres.dll. There is a function in winload.exe for loading those:
To load from winload.exe.mui / winload.exe bitmap resources:
Code:
IMAGE_RESOURCE_DATA_ENTRY *entry; // the resource entry
void *data = NULL; // the BMP data
DWORD id = 1; // or whatever id
DWORD size = 0; // the size
if (ResFindDataEntryFromImage(0, NULL, 2, &id, 0, &entry, &data) >= 0) {
  size = entry->Size;
}
To load from bootres.dll bitmap resources replace the 0 and NULL with BootResourceDllSize and BootResourceDllBase. Of course this needs to be in assembly... look at _BlResourceFindDataFromImage for an example (it is essentially identical to my example code above and how I figured all this out).

To prevent the copyright and startup messages from being drawn the test right after _BgpGxDrawBitmapImage needs to be changed and the messages won't be drawn.


@Joakim 3
You have come up with numerous solutions, impressive. However it is a bit overwhelming. Can you do a 'best of', taking into account the following:
  • My code currently updates all checksums so all of those hacks are irrelevant to me.
  • I am able to load unsigned bootres.dll and winload.exe.mui without testsigning on {current}. I am pretty sure I do not need any more winload.exe hacks.
  • As soon as I turn off testsigning for {bootmgr} things go awry.
What is your recommendation?


@AlexYM 2 and Joakim 4
I don't care if testsigning really is active, the issue I have is that you cannot set testsigning to on from an unattended install until too late. So the testsigning issue (for me at least) is that I want to never have to run anything involving bcdedit.

AbduLLachWML

Hi everyone!

Just tried your app thaimin, and I must say that I'm pretty surprised that it actually works. Good job! It changed animation and "©Microsoft Corporation" smoothly, but "Starting Windows" ("Trwa uruchamianie systemu Windows" in my case) remains intact. Do you think it could be that I'm a Pole, and using the Polish version of Windows 7? Is there any way to change it? I'm not really that good at hacking resources, so I can't find it alone. Help appreciated!

Other than that, no problems found. It works really well under my Windows 7 Home Premium x64 Build 7600. I'm looking forward to a version of your app that doesn't need testsigning to run.

And for my contribution to the project I proudly present you my boot animation:

It's Nanami Madobe, official Japanese Windows 7 mascot. I'm not super skilled in animation, but I'm thinking this one is quite decent, so I'm posting it here. You can download activity.bmp from here:
MEGAUPLOAD - The leading online storage and file delivery service
I'll post a video of how it looks during startup later!

If you need it thaimin, I can resize it to different sizes and frame numbers, so you can use it for testing.

I think that's all for now...
Later guys!

thaimin

So there is a solution to the problem you are having (it also happens on my English version but apparently doesn't happen to everyone).

You need to re-run my program but only change the startup text and target winload.exe.mui instead of winload.exe (it will be in system32\pl-PL\ for you). The new version already handles this issue.

AbduLLachWML

Your app won't let me patch my winload.exe.mui file, because it couldn't find data about "©Microsoft Corporation", and if it won't find it, then it won't patch the file at all. Maybe it's because localized files differ so much between. Anyway I helped myself with some hex editor and Restorator, and it works now.

So here is my tip: make changing "Starting Windows" and "©Microsoft Corporation" two different processes, both uncheckable, just like changing the animation, so when there is no need to change one of these two components, then you just uncheck what doesn't interest you, and the app doesn't care about it anymore. Maybe then it will work.

PS.
Sorry if my English isn't understandable. I hadn't chance to use it in a long time, so I'm still warming up ;P.

thaimin

Well, yes, actually that is why I made the separate signing program that can (for sure) sign the MUI since it doesn't look for "©Microsoft Corporation". However I am glad you got it working.

The truth is the new program is VERY different. No more checking what you want to do, it just does what it needs to and does handle the MUI situation. You can check out the preview of alpha 9 which is what alpha 9 feels like but doesn't work (purposely disabled). I have everything except one thing working, which I am waiting to hear back from joakim on.

The new program is incredibly more powerful so I hope you will check it out once it is done.

Your English is great, it is much better than my Polish! (at one point I knew a few words, but not anymore...) I can handle programming languages very well, but I am terrible at real languages.

joakim

@thaimin
I just got a little distracted by myself trying to figure out how to boot off *any* image inside boot.wim; sanbarrow.com • View topic - Booting an arbitrary image inside boot.wim If you by any chance have anything to add on the matter, then feel free..

About the testsigning in {bootmgr}, I will need to run a quick test this evening then. Actually I never tried your recompressor program, so that could possibly be the issue. As I know several ways to bypass testsigning for {bootmgr}, I should be able to identify the issue rather quickly.

Joakim

joakim

@thaimin
Your compression function does not work 100% correctly. Well it works but the compressed file ends up a few bytes bigger than the stub expects. For that reason it will throw a message about bootmgr corrupt.

What we can do before compressing bootmgr.exe, is deleting the embedded certificate as well as the file information (for example). This is just wasted bytes we don't need any longer. Now after compression the size is within what is expected and everything works just fine.

Two hacks are necessary.

1. To deactivate the checksum in the stub, we must replace 7403 with eb08 at 0x105e.

2. To deactivate the signature check replace 7416 with 9090 at va 0x00421ec5.

Joakim

thaimin

Yeah, I wasn't able to get as good compression as they got (1.27 Kb or 0.3% larger). I tried for awhile to find out why their compression algorithm compressed better but I couldn't (mine seemed optimal...). I thought what could 0.3% larger file really do? It's basically the same size... I guess I was wrong!

Also, when you change the file, the compression for the modified bytes will change (for better or maybe for worse). So yeah, we can get rid of stuff. When you say "embedded certificate" what do you mean? The certificate at the very end of the EXE? I actually already get rid of this in my program! Well, not tested, but I have code that should.

Is #1 necessary? My program updates the checksum automatically on bootmgr.exe.

I will try this hack this weekend and hopefully release Alpha 9.

joakim

#1 is strictly not needed as long as you always update the checksum of bootmgr.exe. On the other hand, it will still boot fine even with a good checksum.

Yes I meant the embedded signed certificate, which we no longer need for anything. Since it will work when reducing the size slightly before compression, I think you should not bother much with optimizing the compression algorithm.

Let me know if you run into problems with #2.

Joakim

thaimin

For #1, it's just I have no code at the moment for modifying the stub so I would prefer not to go through the effort of adding it.

I gave up optimizing the compression a long time ago.

I will tell you any problems I have, although hoping for none!



marcusj0015

Guys, I'm Back!

Sorry For Being Gone For So Long, My BIOS Got Corrupted During a BIOS Flash

I can help again and continue Dev with this!

Anything anyone needs?

thaimin

Is there a way I can use my own certificate to resign it? Where is the boot background? John

marcusj0015

Hopefully very soon no certificate will be needed at all!

thaimin

Thaimin,

you should also include an original copy of the boot flag bmp, you can convert it to png if you want to save space

that way a user can just start modding and won't have to worry about how to get his original bmp out of the dll and renaming it ,wim and extracting it and all that

win7expert

I already provide a separate download with the original activity.bmp and it split into pieces. I plan to keep this available.

thaimin

Hello Thaimin

With interest I read your posts and created a unique animation.

I will put this on rapidshare for the users of your application

The link: YouTube - change Windows 7 boot Animation( to change read the description on right)

joakim

@RBCC
Also, please read How to change boot animation in Windows 7 about the background image. There currently exists no background image. I would be injecting code into winload.exe and adding a custom resource to bootres.dll.

@win7expert
Very nice animation! I really like it! I'm very glad to see some nice animations being made

@joakim
I am having a problem... but maybe it is with something else, however if you could verify that this works, that would be great. I have uploaded my modified bootmgr to http://www.coderforlife.com/projects...ot/bootmgr.zip

Can you test it and see if it works? If it does work then something else is the problem with my program and I will have to figure that out.

joakim

@thaimin
It is strange but it seems that the lack of values for the Certificate Table in data directories have caused the error. I just entered some values and now it booted fine with the one you uploaded.

I suspect that we need to implement one of the other signature patches to get rid of this requirement. If you want I can verify that, but will need a few days as I'm busy with other stuff in life right now.

Joakim

Update:
I just tried the other patches and they all require a bogus value in the Certificate Table (ie, it cannot be empty with current patches).

Guest

He he, I just got a few minutes anyway, and found the solution. To boot with erased certificate table we must patch at va 40122c. Change e809300000 -> 90909033c0. Basically we don't call the function that verifies its self integrity, but merely nop it out and xor the eax register with itself to fulfill the check right after. You don't have to patch at va 421ec5 then. I think this is a better solution.

Joakim

joakim

@abduLLachWML/win7expert
Would be nice if you could upload a few test animations with differences in frames and size etc.



thaimin

Awesome! I was just going to suggest that I comment out the few lines that clear the entry in the table but that will hopefully work too! Will test when I wake up tomorrow.

I wonder if all the fixes I tried that failed were due to this issue or something similar...

thaimin

Don't you still have to patch at 421ec5 to allow the winload.exe to be unsigned? Or does your new patch work for that too?

joakim

You are probably right about winload.exe. Keep the patch at 421ec5 to be on the safe side (did not verify this, but it makes sense). The function that 421ec5 is in, is called once each time signature is bad (bootmgr + winload), and with the new patch we have reduced it to just one call (for winload.exe).

Joakim

marcusj0015

Thaimin,

do you have a newer build of the boot updater?

I'm on Windows 7 x64 Ultimate so I want to get back in the game and start getting everything ready

thaimin

If everything goes well with joakim's input I should have one today.

Jeff

thaimin

Bad news, first attempt with using your new hack + the old hack failed.

Second attempt (without clearing the certificate on winload.exe, bootres.dll and winload.exe.mui) also failed.

What could be up?

thaimin

I have uploaded my bootmgr and winload.exe files at http://www.coderforlife.com/projects/win7boot/files.zip

They should have no modifications except the hacks to prevent signature checking.

By the way, using testsigning on {bootmgr} no longer works... I am becoming thoroughly confused...

joakim

Oh my, could it be easiest to just keep the old hacks then including a bogus value in the certificate table for bootmgr? I'm getting a little dizzy about all this myself. Will look into it later today.

Joakim

thaimin

Yeah. I can try that.

GEORG

Hello

I have the Windows 7 SP1 64-bit German version, see:
[attachment: Bild 1.jpg]
and have tested the 64-bit version, see:
[attachment: Bild 2.jpg]
and NO restart, see:
[attachment: bild0022.jpg]

Have you tested for SP1???



thaimin

To change the text with the program you must run the following command (as the website says):

bcdedit /set {bootmgr} testsigning on

We are working on this problem.

nicholai

whole new bootmgr in SP1 RC
I think to make this work in SP1 we should modify the update to not incorporate bootmgr and other updates, then we could use the same resources and update too

thaimin

@nicholai

This is known. I believe AlexYM is looking at the differences in SP1 bootmgr that are relevant. Also, the way I patch is looking up targets, not by a specific offset. The functions that we are patching are pretty core and likely not to change (my research shows that they are almost identical in Vista bootmgr (SP2) and Windows 7 (SP0)) along with nearly identical functions in winload.exe.

The current version does not modify bootmgr at all, it requires the bcd entry for bootmgr to be modified.

nicholai

@thaimin
ok that cleared a lot up
thx

joakim

Even if bootmgr should have changed that drastically, you could easily solve the issue by substituting it with the previous version (or an older one). Beware that unless you are native booting from vhd, you could even use the vista version to boot Windows 7. I even have an old Longhorn version from 2005 that will boot Windows 7 (however this particular version does not work in 64-bit, but the Vista and later ones will).

Bottom line is you can pretty much use whatever bootmgr you find to boot any nt6 system, with the few exceptions mentioned above.

Joakim

GEORG

OK, thanks for the info, I'm waiting for the next version!!!

joakim

Does one have to unsign then resign bootres.dll in order to make it work? Can I reposition the animation? If so how? John

Guest

You can definitely boot without testsigning, now with latest research, and you don't have to resign the files (you can even boot with bad checksum in all core files). About a repositioned animation, that should apparently work according to AlexYM's notes, but I have never tried, so I can't verify that.

You should read the latest research notes to get an understanding of how it works. It should be well explained.

Joakim

Guest

Do you have to unsign the bootres.dll? Also How do I change the boot background? John

joakim

No, you don't have to unsign, resign or anything regarding the certificates. What boot background? Menu as presented by bootmgr, the frame with the animation, or any of the individual frames in between when switching from bootmgr to winload.exe? In any way, currently it is only possible to change the colour of the background in these frames (unless thaimin has done some major voodoo lately and incorporated it in his latest tool).

Joakim



AlexYM

Have read this on MDL forum and just thought it may help to "pre-install" certain bcd options on DVD, so I'm quoting here:
==============================
boot store is automatically created during setup from windows\system32\config\bcd-template (no extension, it's a registry hive) file inside install.wim (extract it with 7zip), and since {default} entry doesn't exist there yet - you just edit its {globalsettings} so that all new entries (guids, so can't guess) will inherit from that, and add it to dvd:\sources\$OEM$\$$\system32\config folder

BCDEdit /store C:\BCD-template /set {globalsettings} TestSigning On
BCDEdit /store C:\BCD-template /set {globalsettings} NoIntegrityChecks On
=============================

I can only add that instead of using 7zip we can use imagex and save modified bcd-template in its place inside wim rather than copying it to dvd:\sources\$OEM$\$$\...
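Because a flag set on {globalsettings} reaches every boot entry through `inherit`, an audit of a BCD store has to follow that chain rather than look only at each entry's own elements. The following is an added example, not code from the thread: it parses English `bcdedit /enum all` text and reports which boot applications end up with testsigning or nointegritychecks, and from which object. The sample output is constructed, and the function names are this example's own.

```python
import re

# Constructed sample of English `bcdedit /enum all` output (not from a real machine).
SAMPLE_ENUM_ALL = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
inherit                 {globalsettings}
default                 {current}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
inherit                 {bootloadersettings}
kernel                  mykernel.exe

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Global Settings
---------------
identifier              {globalsettings}
testsigning             Yes
nointegritychecks       Yes
"""

BOOT_APPS = ("Windows Boot Manager", "Windows Boot Loader")
WEAKENING = ("testsigning", "nointegritychecks")  # relax signature enforcement
REVIEW = ("kernel", "loadoptions")                # non-default, worth a look


def parse_bcd(text):
    """Map identifier -> {element: [values]}; '_title' holds the section name."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 3 or set(lines[1].strip()) != {"-"}:
            continue
        entry = {"_title": [lines[0].strip()]}
        key = None
        for line in lines[2:]:
            if line[:1].isspace() and key:
                entry[key].append(line.strip())  # continuation of a list value
            else:
                key, _, value = line.partition(" ")
                key = key.lower()
                entry[key] = [value.strip()]
        if "identifier" in entry:
            entries[entry["identifier"][0].lower()] = entry
    return entries


def effective(entries, ident, option, seen=None):
    """Return (value, source identifier) for an option, following inherit."""
    seen = set() if seen is None else seen
    ident = ident.lower()
    if ident in seen or ident not in entries:
        return None  # cycle guard, or an object absent from the listing
    seen.add(ident)
    entry = entries[ident]
    if option in entry:
        return entry[option][0], ident
    for parent in entry.get("inherit", []):
        hit = effective(entries, parent, option, seen)
        if hit:
            return hit
    return None


def audit(entries):
    """Return (entry, option, source-or-value) tuples for boot applications."""
    findings = []
    for ident, entry in entries.items():
        if entry["_title"][0] not in BOOT_APPS:
            continue
        for option in WEAKENING:
            hit = effective(entries, ident, option)
            if hit and hit[0].lower() == "yes":
                findings.append((ident, option, hit[1]))
        for option in REVIEW:
            if option in entry:
                findings.append((ident, option, entry[option][0]))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_bcd(SAMPLE_ENUM_ALL)):
        print(*finding)
```

On a localized Windows the section titles and the "Yes" value are translated, so the constants above would need adjusting.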

joakim

@AlexYM
You seem to know a few bcd tricks. Nice!

Moving this post slightly off topic now, but do you know anything about the STAMPDISKS parameter (related to winpe usage). I've studied the bcd reference but can not draw any logic out of it about STAMPDISK(S). Neither have I ever seen it being discussed anywhere (except by me).

Since this was an off topic post, people that have been reversing bootmgr lately might find this thread interesting; sanbarrow.com • View topic - Booting an arbitrary image inside boot.wim I finally found a way to boot another non-bootable image inside boot.wim. It requires some major hacking of bootmgr. So it is possible to merge several wims into one boot.wim and boot off any image inside it.

Joakim

AlexYM

What do I have to do to get this to work? Maybe I am missing something do I have to hex edit winload.exe??? John

joakim

@joakim
I don't really know much about WinPE stuff and related bcd options, some info about stampdisks is in Windows Internals, Fifth edition book (chapter 13), quote from online Safari preview:

stampdisks boolean
Specifies that Winload will write an MBR disk signature to a RAW disk when booting Windows PE (Preinstallation Environment). This can be required in
deployment environments in order to create a mapping from operating system-enumerated hard disks to BIOS-enumerated hard disks to know which disk
should be the system disk.

m041633n

How do I edit NTOSKRNL.exe to create a new bootscreen background? How many colours can the background have in it? What security issues do I have to deal with? John

joakim

You can modify the bootscreen as was done in XP, by modifying the embedded image in the kernel. However, since the kernel will get an invalidated certificate from this hack (like all mods), you must either configure testsigning, or implement the patches as already described earlier, in bootmgr and winload.exe (yes, I've booted with almost each and every boot-related file with bad checksum, which by definition also will have an invalidated digital certificate of course).

So it is without doubt a security issue as you cannot selectively choose which files to not perform checks on. Well, you can, sort of but that is before the kernel is loaded anyway.

About the colorfulness of the bootscreen, I think it is as restricted as it was for the same hack for XP. And you cannot implement both (ie bootscreen + animation). You must choose one of them.

Joakim

Guest

How is @thaimin doing on his project? Has he figured out the background? How do I reposition and size the animation?

Guest

Hi I'm a noob can someone make a program for generating the activity.bmp please
features like converting the videos to activity.bmp
batch converting images to activity.bmp
& some cool features

cos i've ideas to create cool custom Windows 7 bootscreens like
Rose blossoms & lights up
Exploding fire & loops up the flames
Transformer transforms
PS3 XMB WAVES
& much more

can some one help me in making activity.bmp or please someone make these things & put this things for sharing Please

Guest

I am pretty sure there's lots of talented people that can create amazing animations. I am not one of them! thaimin's tool, which is linked in the first post, can currently create activity.bmp out of individual images. If you can wait a little then his improved version will likely have lots of more features added.

Please start a new thread if you want a collection of animations or answers on how to create a good animation.

(I'm not the programmer, just the researcher/reverser).

Joakim

m041633n

Ok!



win7expert

Hi Guys

I'll upload my animation in the near future, but i have it on another machine.

Otherwise I can help with some scripts to set bootloader testsigning on and if its an error, go to last state of the bootloader configuration.

It's a batch script:

Code:
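rem Back up the BCD store before changing it
md C:\backup
bcdedit /export C:\backup\bcd
If Errorlevel 1 goto err_back

rem Enable test signing on the running OS entry
bcdedit -set {current} testsigning Yes
If Errorlevel 1 goto err_testsign
goto reboot

:err_back
rem The export failed: clean up and report (error.vbs is the poster's own script, not shown)
del C:\MSI
del C:\Backup
error.vbs
goto end

:err_testsign
rem Setting testsigning failed: restore the exported BCD store
bcdedit /import C:\Backup\bcd
error.vbs
goto end

:end
exit

:reboot
rem Restart after 5 seconds (/p removed: it cannot be combined with /r and /t)
shutdown /r /t 5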
Sorry for my bad English: I'm from Switzerland...

joakim

It would be nice to see some sample animations. Please provide a link.

The TESTSIGNING is not necessary anymore. Actually it's more or less the same whatever solution you choose. Either set TESTSIGNING on and hide the fact that it is configured (the watermark). Or you simply apply patches to bootmgr and winload.exe to deactivate the signature checks and you effectively end up with the same as TESTSIGNING, although it's not configured. And maybe there was a third way (suggested by AlexYM) that I did not have time to investigate..

Whatever you choose, you will for sure have opened a security hole. Don't forget that!

Joakim

win7expert

Thanks for your reply

I will upload soon my custom animation and provide it

How you can turn bootmgr and winload.exe signature check off? Can you use a hex-editor to change some values in the files?

Quote:
Whatever you choose, you will for sure have opened a security hole. Don't forget that!
It's true... I have to create a protection for the security hole when I use the testsigning mode of bootmgr... It's necessary to create an application written in assembler to protect the PC from applications that use the testsigning security hole, I think...

Sorry for my bad English... I hope you understand it...

joakim

Quote: Originally Posted by win7expert
How you can turn bootmgr and winload.exe signature check off? Can you use a hex-editor to change some values in the files?
Yes that's basically what we do. If you're comfortable patching executables, you could do it manually. Otherwise wait for thaimin's tool to be finished. I think the details are to be found somewhere on pages 20-30 of this thread.

For any security application it should not matter what language it's written in.

The point is that the system (after these hacks) has a number of boot related system files that are not trusted/validated in any way. Don't forget that some parts of these hacks do some of the things that a bootkit would do (ie disable signature validations). However, these are done on-disk while a bootkit would do it in-memory. But it's still completely different things..

Joakim

marcusj0015

@Thaimin
Whats going on Thaimin?

you need any help or do you have all your data for getting it to work.

I just want this project to be wrapped up

if you need help with anything just ask

@Joakim
I'll work on some animations later today or tomorrow

sorry for the wait

win7expert

Thanks to Thaimin and Joakim for this work...

If you need a little bit help, don't wait to ask me

Sorry for my bad english..., im from switzerland

WindowsStar

Quote: Originally Posted by win7expert
Thanks to Thaimin and Joakim for this work...

If you need a little bit help, don't wait to ask me

Sorry for my bad english..., im from switzerland
Your English looks good to me.

win7expert

I'm a student of IT in the first year.

In the school, we have 2 lessons called "English for IT-Students". In some other Windows 7 Forums, I'm a S-MOD, but it's written in German (The largest Windows 7 Forum of Europe)

The URL is: http://windows-7-forum.net; I don't know if you know it...

WindowsStar

Quote: Originally Posted by win7expert
I'm a student of IT in the first year.

In the school, we have 2 lessons called "English for IT-Students". In some other Windows 7 Forums, I'm a S-MOD, but it's written in German (The largest Windows 7 Forum of Europe)

The URL is: http://windows-7-forum.net; I don't know if you know it...
Nice forum, however I don't speak German, so I would be no help there.

eyeland

nice work, I am itching to make my own animation..
I do however rely very heavily on my laptop for work and I am not prone to open any additional security holes.. Am I correct in assuming that this tweak is still too "dangerous" to use on a work-machine?
edit: Furthermore, I use GRUB to handle dualboot Win7 on primary, ubuntu on logical partition, can this have any undesired effects in conjunction with this tweak?



joakim

Whether bootmgr is chainloaded makes no difference to these tweaks. The actual tweak (modded animation) will by definition in terms of Windows 7 have some drawbacks like loosened security.

So if this is something that could get you into trouble I would advise against exploration with the stuff posted here.

What I've done so far, is hacking on a virtual test machine running in vmware. For me it has only been about getting a hack to work, without considering other side effects like security.

Therefore I can not in any way guarantee for the safety of your system if trying out this stuff. Enough said about that.

Joakim

win7expert

Of course its a security hole... But i think its only if you enable testsigning...

In the current work of thaimin, the program doesn't enable testsigning. It disables the checking of the signature inside the bootloader. This isn't a large security hole because we can create a security patch to disable the access to bootmgr.

But this is not stable on the moment... I think... Its only a preview...

joakim

I think it's a good thing to point out the security issues that come with these hacks, although I'm no security expert. If my patches are applied then all boot-related files must be protected as well, not just bootmgr. It is easy to add your own code to any of these executables (like I showed earlier with winload.exe and the text colour above the animation). Imagine how much nasty code you could possibly put in there if you had the knowledge. Especially the kernel must be protected, but they're important all of them.

Haven't heard from thaimin in a long time. Hope he's doing fine.

Joakim

win7expert

thaimin is very busy! He might have time to work in a couple of days, give him until after Thanksgiving. John

eyeland

Now I have uploaded my custom animation:

http://www.youtube.com/watch?v=JYYDe...eature=related

Download it here: MEGAUPLOAD - The leading online storage and file delivery service

Its splitted to 105 Bitmaps, because I don't know how to make an activity.bmp

Password is

Quote:
thaimin

win7expert

Okay, thanks for the reply
I will await further development and hope for a solution that is safe or one that includes a guide on how to make it so
Keep up the good work!

eyeland

Quote:
I will await further development and hope for a solution that is safe or one that includes a guide on how to make it so
Its not very difficult to change the Bootscreen with Thaimins application.

Only extract the zip file and choose the folder of the animation.

But don't forget that changes on the boot-text don't work...!!!

djpatch

By "a guide to make is so" I meant a guide on how to secure the bootfiles after using "text-signing".
Or did I misunderstand something?

Guest

Quote: Originally Posted by win7expert
Now I have uploaded my custom animation:

YouTube - change Windows 7 boot Animation( to change read the description on right)

Download it here: MEGAUPLOAD - The leading online storage and file delivery service

Its splitted to 105 Bitmaps, because I don't know how to make an activity.bmp
what is the password ?

win7expert

Password is
Quote:
thaimin




eranga101

oHHHH thanXX dud this is wht i searched

marcusj0015

whats wrong with Thaimin?

why hasent he posted in a Looong time?

win7expert

I don't know, but I think he's very busy in this time.

Cooperdale

I have created a Windows 7 boot animation with the animation from the Lost tv show, where the word LOST floats to the front of the screen.

You can download it here, it works on my (virtual) machine:

http://www.deathless.it/activity.bmp

win7expert

Thank you very much for your animation!!

Great work of community

win7expert

How do I change the position and size of the boot animation? John

marcusj0015

Quote:
How do I change the position and size of the boot animation?
Why you must change the position and size?

Its 200x200 for each picture (105 Pictures)

Quote:
John
Who do you mean with John?

Edit: I've seen its your name... Sorry

Last Activity of Thaimin: 4 Days Ago

Guest

With c? or with a hex editor? reshack?

The background that I want to put it into is a little smaller then 200X200, can I make it 100X100? What do I modify in order to do this?

The animation is in the wrong place for my animation.

Thaimin:

Has been busy with work and his doctoral dissertation. He said that he might have time to work on it in a couple of weeks. That was about a week ago.

John, yes that is my name

Guest

thanks for the update RBCC,

i was starting to think he had dropped out of this project

RBCC,

its almost impossible to change the animation size and it would require so much work that its not really worth it

why don't you want it to be 200x200?


if its just the amount of work it would take to enlarge it i can help if you want

Cooperdale

A much bigger animation would be wonderful, but I understand it would be hell to try it.

I have tested my animation on a virtual machine and it works, but it's Windows 7 32bit in test mode. I'm on W7 64bit, I would have to enable test mode too right? There's no way around it.



marcusj0015

yes you will have to enable test signing

UNTIL THAIMIN'S app comes out then it won't be necessary

win7expert

Quote:
UNTIL THAIMIN'S app comes out then it won't be necessary
Ohhh... I'm waiting for this moment...

When Thaimin's app is finished, the PC magazines will write an article about it and how to change the Windows Seven boot animation...!!!

marcusj0015

im sure

and i hope we do get that kind of coverage

i also like recognition

Cooperdale

I can't wait too...

win7expert

Currently, I'm working to design a special application that allows the use of 4 GB of memory in x86 operating systems using the Physical Address Extension (PAE).

Now i've created a Beta to Test it in some VMs and --- IT WORKS !!!

The Application has a backup and debug function. I will share it soon with you... But it will not be OpenSource, I think...!!!

Greetz

win7expert (Codername: MSI_CH)

win7expert

The background I am using for my bootscreen has such a small space that I am afraid the 200X200 graphic would dwarf it. Is it possible to move the animation around the screen? John

CHeF

Quote:
The background I am using for my bootscreen has such a small space that I am afraid the 200X200 graphic would dwarf it. Is it possible to move the animation around the screen?
If I understand you correct, you want to use a fullscreen animation. But on this time this is not possible, because Thaimins current version supports only 200x200 graphics.

thaimin

Hi. Windows 7 Boot Uptader x64.exe says the program has stopped working.Help Me

Guest

Hi all!

I have been quite busy. The quarter has turned out to be busy, and then just when things start to settle down, it gets even busier! I am thankful for everyone's patience with this. It is Thanksgiving break here in the States and I am using it to catch up on lots of work. My list of things to do is still quite long however and I am afraid that until mid-December I will not be able to return to this project.

I have not left this project, do not worry. This project is an important step on something I have been working on for 5 years (back then it only required modifying the XP bootup which was a piece of cake compared to this, although having an animation is cooler). I am not about to drop this.

I will answer some questions / comments that have come up though:


Animation position / size / length / etc.
Long ago (early in this thread) I discovered that the animation is only loaded in winload.exe but is drawn in ntoskrnl.exe. AlexYM has verified this not too long ago. The main issue here is that ntoskrnl requires modification, which opens a big security hole. Additionally, a larger animation will take more time to load and display, slowing down boot up (the current method should not affect bootup times at all, and at most a couple milliseconds). Another downside is that ntoskrnl is updated much more frequently than either bootmgr or winload (those are still updated, but not that often). For these reasons I do not wish to make this an option at this time, maybe one day in the future. At the moment Patch Guard for Win 7 final is not even solved! (The solutions out there only seem to work for the betas and RCs).

Recognition
Online PC magazines have already published things about it, even when I warned them about all the problems the current version has. This has encouraged me to finish up, if not only to stop the flood of emails from people who don't realize the program has problems or don't read the fixes I have posted on the website.

"Program has Stopped Working" Issue
This is an issue that I have no solution to at the moment. The new version will hopefully not have this issue since it has an entirely different core to the program. I believe it is an issue with certain language versions of Windows (but not English or many others) and the built-in program bcdedit. The new version does not use bcdedit anymore so this issue will hopefully go away.

Changing the Text
Using my current programs you CAN change the text, it just takes a bit of extra work. To change the copyright notice, you must run
Code:
bcdedit /set {bootmgr} testsigning on
In an admin command window BEFORE restarting the computer. To change the other text, you must use a resource editor on winload.exe.mui and change the last message entry. Then download my winload.exe signer (there is a link on my webpage) and target the file winload.exe.mui. It will sign it for you and it should work! The MUI file is located in Windows\System32\LOCALE\ where LOCALE is your locale (en-US for the US, de-DE for Germany, etc).

Making and Breaking Activity.bmp
I have decided to make one of my predecessor programs available to you all before the new version is made. It can create and break apart activity.bmp. In the next version, the preferred way to share animations will be through the boot skin it creates, which contains the activity.bmp (compressed) among lots of other information. The preview can already create these boot skins. The program is located at http://www.coderforlife.com/projects/win7boot/BootRes.exe. It is a command line program. Running it without arguments tells you how to use it.


If there are any other questions, concerns, problems, etc please post them and I will get back in a few days.

marcusj0015

THANKS Thaimin!



marcusj0015

@ Win7Expert,

im not sure what your exact intension is about your 4GB PAE App

but Windows Ultimate Tweaker I know for a fact will allow you to do this.

but im not sure what exactly you were making it for so i cant be sure if you wasted your time

i hope not!

Adiel ssj

I do not understand the step 4, How do I give to PE-editor do the work for me?

joakim

Quote: Originally Posted by Adiel ssj
I do not understand the step 4, How do I give to PE-editor do the work for me?
The steps outlined in my first post is for those wanting to experiment on their own. Step 4 is about removing an important part in the pe header.

For users not familiar with those tools, that don't understand the steps, may be better off by just waiting for thaimins finalized tool (which is an amazing piece of work).

When I get some spare time (in a couple of weeks hopefully), I will update the first post with complete instructions on all interesting points we have discussed during this thread. That way the advanced users can find and choose to do the hacks by themselves. Either way it's about time to collect all the nice details into the first post, as not all 362 posts (so far) in this thread are 100 % correct or even relevant. It is clear enough for me, but it certainly looks like a mess if you go through all this for the first time..

Joakim

win7expert

Quote:
im not sure what your exact intension is about your 4GB PAE App

but Windows Ultimate Tweaker I know for a fact will allow you to do this.

but im not sure what exactly you were making it for so i cant be sure if you wasted your time

i hope not!
No... I'm not wasting my time... This application is silent and doesn't have a GUI... (It's very easy to use) and it has a backup function if the patch has failed.

Greetz

win7expert

marcusj0015

I wasn't trying to say you were wasting your time, I just wanted to make sure that you knew about it

win7expert

Is this application "Ultimate Tweaker" free or do you pay for it?

Greetz

win7expert

Snowcap

Quote: Originally Posted by win7expert
Is this application "Ultimate Tweaker" free or do you pay for it?

Greetz

win7expert
I honestly think you should change your name to
Nincompoop

marcusj0015

@Win7Expert

It is Absolutely FREE!!!

http://www.thewindowsclub.com/ultima...ista#more-1957

@Snowcap
not cool man theres alot im sure you dont know either

Snowcap

Quote: Originally Posted by marcusj0015
@Win7Expert

It is Absolutely FREE!!!

Ultimate Windows Tweaker, a TweakUI for Windows 7 & Vista | The Windows Club

@Snowcap
not cool man theres alot im sure you dont know either
Hey dude, perhaps not cool, but hey; one can READ ? or at least track the apps down and read it's FREEware?

But I'm going back into the shadows, I've been too exposed.....

win7expert

In Switzerland we don't use this tool because we have many people who don't know much about PCs. Only how they can start or open Word or Excel.

Quote:
I honestly think you should change your name to
Nincompoop
This is not very nice by you. And this is your only and first Post... Very Poor



joakim

@thaimin
I cannot find the link to the bootmgr tool that you made. Do you still have it?

I'm currently updating the first post with some of the details that have been revealed during the discussions and research.

Joakim

marcusj0015

@snowcap

did you notice that he is Swedish?

they dont speak of the English in Switzerland which means that he is reading a foreign language much more difficult.

i think he did a hell of a job considering i only know a handful of foreign words.

joakim

First post is now updated with lots of information discussed through this thread. If anything important is missed, let me know.

Joakim

thaimin

@joakim

I have that link. I was working on reorganizing the entire website for the project to work on creating a system to upload bootskins.

I have a new page that includes:
  • bmzip: the bootmgr (de)compressor
  • BootRes: breaks apart and puts together activity.bmp (includes source)
  • MsgTableEditor: for playing around with programmatically modifying message tables (includes source)
Here it is:

Coder for Life - Projects - Windows 7 Boot Updater - Extras

joakim

OK that's great. Link attached to first post. If I get the time before Christmas I will make an attempt at drawing a bmp with winload.exe with the theory you described earlier. We'll see...

Joakim

thaimin

A few more things:

I updated the preview of the next version. I know, just what you want: a better GUI that still isn't working... it's just that it is easier to do that instead of the testing... It includes a part about the background image (the 'pro' version, can you think of a better name?), however that part is even less tested than the other stuff.

@joakim
With the background image stuff, I have a bunch of stuff that I have thought out about it. I can email you with what I have. I have most of the assembly code which I think is necessary written out.

Also, your updated first page is very well written! And has so much good information all in one place. I added a link to the forum on my page (I should have done that before).

Jeff

joakim

Sure I can do some code testing, whenever I get the time. That's great Jeff!

Joakim

d5p

Will it be possible to revert back to Vista-style progress bar instead of using a Windows7 type 200x200 animation?

I would love to make this old school Microsoft Windows version 1.01 boot screen image my boot screen background. I think it would be sick with a progress bar.


joakim

That is exactly what we will be testing from now on. Basically it's about getting winload.exe to draw a bmp. But I don't think this will be solved until January, because of limited time for all parties.

Until then you can put the bmp as a resource in the kernel to get a static image displayed, just like you did on XP. But this is not nice at all..

Joakim

marcusj0015

@Thaimin,

i can also help you with testing im on the coveted Windows 7 x64!



thaimin

If you modify or remove bootres.dll you then get the Windows Vista bootup, and I think you can modify that one like you would in Vista.

thaimin

@marcusj

Soon! Right now 32-bit doesn't even work. I also have 64-bit test environments, however it is easier to do all the studying in 32-bit. Hopefully with the very clear guide joakim has assembled on the first page I will be able to get this to work easily now!

You do have a good eye for the GUI so check out the newest rendition in the mean time!

thaimin

I had some time to do some testing, and I came across a shocking discovery. The changes I make to bootmgr aren't actually doing anything! I check the file C:\Windows\Boot\PCAT\bootmgr and I find that the file was being changed properly but when I debug the boot-up process, I can see the lines of code that should have changed, but they are the same!

My testing environment (where I was using a default fresh install of Windows 7) does add a "System Reserved" 100MB partition. Normally I pre-partitioned the system with Linux and then installed Windows, and then it does not add the 100MB partition. It contains a bootmgr file. In fact its the bootmgr that gets used!

I should have listened to marcusj earlier. At least I now know why it wasn't working, why every hack joakim or I found didn't work, its because I was editing the wrong file!

Now I have a couple options:
  1. Tell people they can't use the setup with 100MB partitions, not cool since removing it will trash your computer and it alienates a lot of people.
  2. Modify the bootmgr on the 'hidden' partition:
    1. Mount the partition (can mount to an NTFS folder)
    2. Modify the file (the code I have now should work (once fixed))
    3. Unmount the partition
  3. Use bcdedit to change the target of the bootmgr to the visible drive
Option #2 seems to be the best. And parts 2.1 and 2.3 can be done manually by people using the program if I can't figure out how to do it programmatically right now (with the Computer Management tools).

I tested method 2 with adding the path myself and it "worked" however I was using a version of my program that had an over-abundance of bad hacks since I was just trying to get stuff to do something before I came across this. Tomorrow I will test out the program and hope everything works!

thaimin

So, I know I have been posting a lot recently, but its to make up for the lost time before!

@joakim
I'm sorry, but I changed the link again for the bmzip program... if you could update the first page that would be awesome. The new link: http://www.coderforlife.com/projects.../extras/#bmzip (or without the #...)

For everyone, I have found some slick tricks with partition management so that the hidden partition is not really that hidden. I have made a little demo program that shows this off while being useful. It opens an Explorer window with the hidden partition in it! Check it out:
http://www.coderforlife.com/projects/win7boot/extras/#OpenHiddenSystemDrive

marcusj0015

@Thaimin

i agree programs seem to be easier on 32 bit

and where is your latest program so i can test your GUI?

~EDIT~

found your latest Program!

but your link for the hidden system drive doesn't work


~EDIT2~

Your Tooltip When Playing The Animation Gets Stuck To The Cursor.

When Paused The Tooltip disappears

~EDIT3~

The "Message 1" And "Message 2" boxes should be flipped

The Starting Windows Should Be Message 1 As It Is On Top And Is Brighter.

thaimin

No longer the 'latest' GUI since I have added options to the menus for using the hidden partition for the bootmgr file, but close enough.

The link does work, it just doesn't scroll for you for whatever reason... click the "OpenHiddenSystemDrive" on the list at the beginning and it scrolls.

marcusj0015

no it wont load for me it says page not found and it displays nothing

i increase the Saturation And Vibrance to 100% In Photoshop CS5 and it does this

http://img406.imageshack.us/i/messedupn.png

notice how the frame dosent fit in the windows that it should? and its not centered

thaimin

@marcusj

If you send me / make available your animation and I will check it out.

Here is the link again, but without the hash part:
http://coderforlife/projects/win7boot/extras/

There are a bunch of tooltip problems... I will work on them eventually.

Message 1 and Message 2 are given in that order since disabling message 1 (copyright) in winload.exe causes message 2 to disable as well, but disabling message 2 doesn't cause message 1 to disable.

marcusj0015

ok that makes sense about the message thing

and ill check out the link and play with it to try to get it to work

and ill upload the image

I had to start at the beginning of your site and add the extras part but this link does work, not sure why

http://coderforlife.com/projects/win7boot/extras/

zipped with 7-zip should work with other programs but idk

http://********************/?d=ADLIMCMT

~EDIT2~

your hidden drive opening tool dosent work

it IS the x64 version

and i do have a 100mb unallocated partition as reported by Computer Manager

thaimin

I figured it out. In both cases the link was to my local testing server, even though in the first post the text included the www and com parts. Here is the REAL link:
Coder for Life - Projects - Windows 7 Boot Updater - Extras



marcusj0015

yup i found the site by starting at coderforlife.com and going all the way through and adding /extras on the last page

yeah I have some new posts on the last page that would be awesome if you would check them out

thaimin

By doesn't work, do you mean says that you don't have the hidden partition?

Can you download the VolumeInfo tool (also on the same page), run it, and send me the results? The easiest way is in a console you can do "VolumeInfo.exe > info.txt" (without quotes) in a command line. Then info.txt will contain all the information. Hopefully its just my program being too particular.

marcusj0015

yes that's what I mean, it says it doesn't have a hidden partition


yup ill grab that 1 sec

~EDIT~

VolumeInfo Copyright (C) 2010 Jeffrey Bush <jeff@coderforlife.com>
This program comes with ABSOLUTELY NO WARRANTY;
This is free software, and you are welcome to redistribute it
under certain conditions;
See http://www.gnu.org/licenses/gpl.html for more details.
Volume: \\?\Volume{deb4bb46-edc9-11df-be32-806e6f6e6963}\
Device: \Device\HarddiskVolume2
Type: Fixed
Paths: C:\
Label: Windows 7
Serial: 7C35C083
Format: NTFS
Flags: 3E700FF
Supports Case Sensitive Search
Supports Case Preserved Names
Supports File Compression
Supports Named Streams
Preserves ACLs
Supports Encryption
Supports Extended Attributes
Supports Hard Links
Supports Object IDs
Supports Open by File ID
Supports Reparse Points
Supports Sparse Files
Supports Transactions
Supports USN Journal
Supports Unicode on Disk
Supports Disk Quotas
Size: Total: 825076215808 [ 768.4 GB]
Free: 251971321856 [ 234.7 GB]
Volume: \\?\Volume{deb4bb47-edc9-11df-be32-806e6f6e6963}\
Device: \Device\HarddiskVolume3
Type: Fixed
Paths: D:\
Label: Windows 7 Capture
Serial: 981CF19C
Format: NTFS
Flags: 3E700FF
Supports Case Sensitive Search
Supports Case Preserved Names
Supports File Compression
Supports Named Streams
Preserves ACLs
Supports Encryption
Supports Extended Attributes
Supports Hard Links
Supports Object IDs
Supports Open by File ID
Supports Reparse Points
Supports Sparse Files
Supports Transactions
Supports USN Journal
Supports Unicode on Disk
Supports Disk Quotas
Size: Total: 161061269504 [ 150.0 GB]
Free: 125159792640 [ 116.6 GB]
Volume: \\?\Volume{deb4bb45-edc9-11df-be32-806e6f6e6963}\
Device: \Device\HarddiskVolume1
Type: Fixed
Paths:
Label: PQSERVICE
Serial: 4C3382A8
Format: NTFS
Flags: 3E700FF
Supports Case Sensitive Search
Supports Case Preserved Names
Supports File Compression
Supports Named Streams
Preserves ACLs
Supports Encryption
Supports Extended Attributes
Supports Hard Links
Supports Object IDs
Supports Open by File ID
Supports Reparse Points
Supports Sparse Files
Supports Transactions
Supports USN Journal
Supports Unicode on Disk
Supports Disk Quotas
Size: Total: 13958639616 [ 13.0 GB]
Free: 5888524288 [ 5.5 GB]
Volume: \\?\Volume{62dec6d1-f240-11df-be41-806e6f6e6963}\
Device: \Device\CdRom0
Type: CD Drive
Paths: E:\
Label: Sims2DoubleDeluxe
Serial: 29DDF0AF
Format: UDF
Flags: 1480007
Supports Case Sensitive Search
Supports Case Preserved Names
Read-Only
Supports Hard Links
Supports Open by File ID
Supports Unicode on Disk
Size: Total: 5960204288 [ 5.6 GB]
Free: 0 [ 0.0 bytes]
Volume: \\?\Volume{dd96b86c-fba8-11df-b87d-90fba62ff290}\
Device: \Device\CdRom1
Type: CD Drive
Paths: F:\
Failed to get volume information: 21
Failed to get volume size information: 21








BTW IT SAVED IT TO C:\Users\Marcus, kinda hard to find

thaimin

That must have been the current directory in the command window. What all that information tells me though is that your hidden partition is hidden even better. Which is weird since my default install of Windows 7 had it only kinda hidden. I will have to come up with more clever tricks... maybe.

I would like you to try one more thing. Can you run bcdedit from an elevated console and tell me what device is used for the Boot Manager?

Lastly, the problem with the graphic / my program is that it has a different horizontal and vertical resolution than the "default". I will make my program smarter.

marcusj0015

what do you mean what device is used for the Boot Manager?

marcusj0015

this was printed from bcdedit




Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {ad6e8cbf-ebc4-11df-bd26-c421c8218499}
displayorder {current}
{ad6e8cbb-ebc4-11df-bd26-c421c8218499}
{ad6e8cc7-ebc4-11df-bd26-c421c8218499}
toolsdisplayorder {memdiag}
timeout 30
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {ad6e8cc1-ebc4-11df-bd26-c421c8218499}
recoveryenabled Yes
testsigning Yes
osdevice partition=C:
systemroot \Windows
resumeobject {ad6e8cbf-ebc4-11df-bd26-c421c8218499}
nx OptIn
numproc 4
usefirmwarepcisettings Yes
Windows Boot Loader
-------------------
identifier {ad6e8cbb-ebc4-11df-bd26-c421c8218499}
device partition=D:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
osdevice partition=D:
systemroot \Windows
resumeobject {ad6e8cba-ebc4-11df-bd26-c421c8218499}
nx OptIn
numproc 4
usefirmwarepcisettings Yes
Real-mode Boot Sector
---------------------
identifier {ad6e8cc7-ebc4-11df-bd26-c421c8218499}
device boot
path \Avldr.bin
description Chameleon

thaimin

When you run bcdedit, one of the groups should be "Windows Boot Manager" and one of its values should be device. What value is it?

thaimin

Good news, your bootmgr doesn't use the hidden partition! Probably 'fixed' by the Chameleon you installed. So nothing to worry about.

marcusj0015

idk if you know this,

but Chameleon was for hackintosh

i couldnt install hackintosh

but yeah thats what it's for

win7expert

Does it work or do you search testers for your tools?



marcusj0015

he is still working on it,

and he figured out a big part of why it wont work

now he is gonna do some testing then he'll release it for us to test

BUT HE HAS COLLEGE AND OTHER THINGS HES DOING SO IT WILL TAKE HIM SOME TIME TO GET ALL THIS STUFF DONE.

IDK HIS Release date but i wouldnt assume it will be out by the end of 2010

prolly early 2011 but im not sure im just making an educated guess

win7expert

Sorry

I didn't know that he's a student.

You'll do great work, Thaimin... Don't stop with your great work...

marcusj0015

Has anything been done thaimin? How close is it to being ready for beta? John

Bohne

i talked to him a little while ago

hes cleaning everything up and getting it ready

but with his schedule he doesn't know when it will be done because of him being so busy

jacobf16

Hi,

wow, great tool, exactly what I was looking for! Thank you very much!
It works fine for me in testing mode. However I cannot get it to work with testmode switched off. Am I doing something wrong?

I downloaded CoderForLifeCA.cer and CoderForLifeCA.crl and executed the two commands

certutil -f -v -addstore ROOT CoderForLifeCA.cer
certutil -f -v -addstore ROOT CoderForLifeCA.crl

Updating the files works but then I get the message that signing failed... I am running Win7 Professional 32bit.

Can anybody help me? What am I doing wrong?


Thanks!

jacobf16

I run the tool but when i want to select a file,
the tool crashes any solution for that?

thaimin

ok now I can select a file but now when i restart my windows crash :S
I have tried it a few times now but each time I have to do system recovery

Guest

Okay all, the tool is in "Alpha" which is before "Beta". It doesn't really work. There are things you can do to make it work, however I still recommend waiting for my next version. I have time this week and plan to get it released by the weekend. To clarify in the future I will label the version number I am using as 0.0.0.9 alpha...

@win7expert
My tools become part of my program. Testing the tools will accelerate testing the real program.

@marcusj0015
Thanks for the defense!

@RBCC
You will be told. Don't worry.

@Bohne
The current Alpha 8 doesn't support testsigning being off. Next version will.

@jacobf16
What was the problem you had opening files? I would like to fix it for the next version.
If you change the text and do not run:
Code:
bcdedit /set {bootmgr} testsigning on
Like it says on the website, it will crash. Please read.

Guest

Many Thanks thaimin! Looking forward to beta!

jacobf16

Quote: Originally Posted by thaimin
Okay all, the tool is in "Alpha" which is before "Beta". It doesn't really work. There are things you can do to make it work, however I still recommend waiting for my next version. I have time this week and plan to get it released by the weekend. To clarify in the future I will label the version number I am using as 0.0.0.9 alpha...

@win7expert
My tools become part of my program. Testing the tools will accelerate testing the real program.

@marcusj0015
Thanks for the defense!

@RBCC
You will be told. Don't worry.

@Bohne
The current Alpha 8 doesn't support testsigning being off. Next version will.

@jacobf16
What was the problem you had opening files? I would like to fix it for the next version.
If you change the text and do not run:
Code:
bcdedit /set {bootmgr} testsigning on
Like it says on the website, it will crash. Please read.
I read that and i even used that, but it don't work :s
and the error was that the program must be closed.
I solved it by setting the compatibility to vista.
oh, and i can't download the certificate on that site





thaimin

@jacobf16
You cannot change the "Starting Windows" text easily with the current version. With testsigning on for {current} and {bootmgr} the current version should be able to change animation and copyright text.

You do not need to download the certificate, it is included in the program (which installs it). It is only provided for use on other computers. It seems that you have to right-click and save it that way, the server thinks it should be a text file... The new version won't require any certificates or testsigning.

The error you are getting is very strange, and no one else has reported that. It may inadvertently be fixed in the new version. When I release the new version please test it out and report back to me. If it isn't fixed I will need to work with you to fix it.

thaimin

Is the alpha 9 going to allow pictures for the background? How many colours? John

joakim

Background pictures is currently completely hypothetical. I have written assembly code to do it, however it has not been at all tested. It is likely to need some fixes from what I wrote since I don't know what I am really doing. On the other hand I have built a lot of the framework for it in the program, once I get around to actually testing. Additionally, I have not even begun to think about translating it into 64-bit assembly.

One thing I can tell you though is that when it is working (if I and/or joakim get it to work) then it will support 24-bit images. So full-color or 16,777,216 colors. In fact I have no idea at all how I would do anything besides 24-bit images since the built-in code in winload.exe seems to only draw 24-bit images. My program already converts many image formats to the proper 24-bit image necessary.

thaimin

I am also very busy at the moment and haven't started testing the code yet. Realistically, support for background images will not happen this year. When I get the time, I will first study the code and implement it in winload.exe. Then lots of testing, tracing and rewriting of code will be required. I'm not sure either, how this will end. But I will give some feedback when I've found anything useful on the topic.

Joakim

win7expert

So it won't be implemented in the next release???

joakim

No, it won't be. However you will be able to see what it looks like it in the program and create the bootskins, but not actually apply.

Guest

The program alpha 9 is currently only a preview. But if thaimin releases the 0.0.0.9 Beta (/Alpha) it will be possible to apply a custom bootskin, I think.

In the preview, you can only create new bootscreens but you can't apply them.

I hope, what I write was not wrong

Guest

Several Utilities turn on and off the Windows 7 watermark, is this the problem with NToskrnl.EXE? John

Guest

The watermark is just something that is generated based on the TESTSIGNING configuration in the BCD store. As already discussed, there are several ways to prevent that from being present on your desktop;

1. You actually don't need TESTSIGNING at all (see first post patching instructions).
2. Put TESTSIGNING on, but remove the watermark (see first post for patching instructions).
3. A few other mixed derivatives of the above (see first post and the rest of the thread).

To keep it simple, stick to either 1 or 2.

Joakim

thaimin

Put TESTSIGNING on, but remove the watermark (see first post for patching instructions).
How does this affect patchguard?



joakim

This has absolutely nothing to do with patchguard. The testsigning watermark is not done by the kernel, it is done far down the road.

thaimin

Yep, patchguard is about correctly signed drivers on 64-bit - only. The phrase "patching instructions" did not mean patchguard. Patching just means something like "modifying a file containing executable code" to alter its execution flow.

However, I thought patchguard was relevant to the challenges in this thread, though very early on in the discussion. But that proved to be a wrong assumption on my side.

Maybe you (RBCC) mixed up with what I described about patching the kernel to jump back to non-TESTSIGNING right before ci.dll initialization.

Joakim

eetzi96

Joakim: Send me what thaimin has, is almost ready to test? He said the background wouldn't be implemented, john@golden-computers.net

thaimin

Good news everyone!

Alpha 9 is ready to be tested by you guys!

The only reason I am not posting it on my website at the moment is I am in the middle of doing a major overhaul to my whole website. It should be up there sometime tomorrow. I will also be spreading the news to many others once at least one person here tests this out and tells me how it goes.

So after waiting for 3.5 months, whats new?
  • Does not require testsigning. In fact the current version can turn off testsigning for you if it notices you have it on.
  • Should work for any language, instead of just English and a few others.
  • You can change the text without a bunch of extra work.
  • Tons of new little tweaks you can do: changing the colors, sizes, etc. There is no longer a cap on the length of either text.
  • Works for systems that have the hidden "System Reserved" partition.
  • No more certificates at all.
  • And the enhancements seen in the preview: save bootskins for sharing, preview the animation, easily restore backups.
I have tested in English Home Premium x64 and English Ultimate x86. Both were 100% clean installs on a blank hard drive. Both had the hidden partition.

The one major issue that I know about is that changing the text 2 color to anything besides white on x64 causes the bootup process to go nuts and doesn't even try to auto-recover it. Don't worry, in the version I have uploaded it prevents you from making this fatal mistake. On x86 this works just fine.

So here it is, the moment you have been waiting for (only available at this address until I update my website):

http://www.coderforlife.com/temp/Win7BootUpdater.exe
http://www.coderforlife.com/temp/Win7BootUpdater64.exe

Both files are ~1.7 MB.

eetzi96

Hi!, I've been waiting for the new alpha 9 and now it's finally here. But when I tried to change the boot animation and both texts I first got a message saying that original © Microsoft Corporation .... Could not be found. then I tried again but only changing text 2 I still got the same message. I changed my winload.exe to my backup winload.exe and then I got this message

Imageshack - desktopyw.jpg

I managed to change message 1 and boot animation in alpha 8 but again when I tried to change it to a different text I got the same message in alpha 8.

I'm using Windows 7 Home Premium 64bit Finnish language

rockyp

@eetzi96
The error you got the first time was expected. The program can only work on the original files. Under "Options" there is a "Restore Backups" option. That's an easy way to restore the backups that my program makes (especially since the new program changes 4 files, each in a different place).

The other error you got is not good. I have uploaded a new version that should have more information in the error message. Hopefully with that I will be able to fix the problem.

Do you have a hidden "System Reserved" partition?

@all
The new program I just uploaded fixes the issue with x64 and text 2 color.

GEORG

Okay, so I don't have hidden partition and now I restored all of the backups. Now i get this error

ImageShack - Online Photo and Video Hosting


Guest

Great thanks to "thaimin"
can I use this in physical system or virtual system.

Guest

Hi, I have tested Alpha 9 on my Windows 7 64 Bit German Version SP1 BETA. It's not working, see:

-bild-1.jpg

!!!

moinmoin

Many Thanks thaimin.
It works great.
I have test it on Win 7 x64 Home Premium (German Version)

For the German user a little tutorial on deskmodder.de: Windows 7 Bootscreen ändern



Bohne

Thaimin thank you very much!! Your tool is working great here without any problems, I run Win7 Prof 32bit english here.
This was just in time. I was looking for such a tool last week and now you just released your first working alpha! Great!!

rockyp

Sorry for me its not working,
I changed the animation & text but when I restart it automatically goes to startup repair & after that it comes to original boot screen. Please Help.
Windows 7 64 bits Ultimate

skyli

It's not working on Hungarian x64 SP1 too

thaimin

Thank you all for testing! Here is a list I have put together based on what people have said:
  • Works
    • x64 Home Premium English (no updates)
    • x64 Home Premium German
    • x86 Professional English
    • x86 Professional Italian
    • x86 Ultimate English (no updates)
    • x86 Ultimate English
    • x64 Ultimate English
  • Fails to 'Apply'
    • x64 German (SP1 BETA)
  • Startup repair
    • x64 Professional English (7600.16385)
    • x86 Ultimate English
    • x64 Ultimate
  • Just 'not working' (PLEASE BE MORE DESCRIPTIVE!)
    • x64 Hungarian (SP1)
    • SP 1 RC1
So the trend here is that 32-bit is less sensitive (and less popular). Also, at the moment no hope for anyone running any version of SP1... I am getting the SP1 files now so I will check out why this is. I will update the above list as more reports come in.

On another note my website is running so I am taking down the temporary files. You can get the files at:

Coder for Life - Project - Windows 7 Boot Updater

On another note, I fixed the x64 problem with text 2 color.

marcusj0015

Thaimin, I will test on my sister's x86 windows 7 laptop

im too lazy to get on the x64 desktop

do you mind if i link to your site on my DeviantART Account?


~EDIT~

it works fine for text on Windows 7 Ultimate x86

but the image looks smeared into a weird color glump picture

the animation is displayed as a single image

Cooperdale

Windows Professional x86 Italian language, works like a charm.

I had the files modified from the previous version, what I did was remove testsigning, reboot, restore backups, reboot and then proceed with the changes.

Thanks for this work of art!

rockyp

Hi Thaimin, I made a simple animation for a quick test, the animation works fine & text too.. Thanks again, it worked fine until I updated Windows.
I made a clean install of Win7 Ultimate 64 bits English & it worked fine, but after Windows update & restart it automatically goes to startup repair & after that it comes to original boot screen. Even I tried it on SP1 RC1 also & same result. Is there any solution for this pls.

thaimin

@rockyp

My guess is that one of the Windows Updates changes one of the files I need to modify. I will have to research it and see what can be done. There is no solution at the moment.

thaimin

@marcusj

How are you setting the image? What is your original picture type / size? Or are you using a folder of images? If using a folder, what types of images (BMP, PNG, ...)? Does the preview look fine?

marcusj0015

idk if i load the individual frames it works fine,

and if i load a bootskin it also works

it says it cant apply Winload.exe patches because of a windows update?

Windows 7 x64 Ultimate



thaimin

@marcusj

There are 2 causes of that error:
  • You modified winload.exe (using any of my programs or manually). Use Options > Restore Backups. Repeat until it says it didn't restore anything.
  • There actually is a difference due to a Windows update. This is true for SP1. There is nothing you can do at the moment about this, but I am working on finding the patches for SP1.

win7expert

Thanks very much to thaimin for his work.

@thaimin: Can you host my custom animation on your website?

@all: It's time to create some animations, we can host it on my servers or on yours, thaimin.

thaimin

@win7expert
I plan on making a system for uploading bootskins (even directly from within the program) to my website, but this will be in a little bit. I would like to make it nice.

fritz

Just wanted to throw in that everything works perfectly on x64 Enterprise (English)

skyli

Sorry that I didn't specify the problem. I can't apply due to windows update (SP1) too :/

eetzi96

Hello again Thaimin, I'm back with my problem. Now I got past the "original microsoft corporation text could not be found", just did what you said so I restored until it says nothing restored. Now I get this strange message when it's finishing Bootmgr

Just for making sure that you understand what it says, all those "Kohteessa ..." means located in what ever it says. Don't know if you understand

Imageshack - qwertyv.jpg



marcusj0015

Here Are My Version Numbers For Winload and Bootres



Winload.exe Version 6.1.7600.20770

Winload.exe.mui 6.1.7600.20770

Bootres.dll Version 6.1.7600.16385

GEORG

Hi update for #430

Here Are My Version Numbers For Winload and Bootres Files:

Winload.exe + Winload.exe.mui + Bootres.dll Version 6.1.7601.16562 !!!

skyli

Mine is 6.1.7601.17105 (newer :P) 2010.09.30

marcusj0015

but what did they change in the updated winload?

probably some bug fixes and performance fixes

so can we hack those or do we need to restore the original ones?



Mayoral

Hi! I tried to modify winload.exe text "Starting Windows" with windows7updater, but it didn't work

Error in winload.exe, stop installation before the first reset.

Why? Is a tutorial possible... or is it possible to modify winload manually, only to change the text?

Thanks a lot! Sorry for my english, i'm spanish, version of my windows 7 to modify 7.600 spanish es-ES

bye!

marcusj0015

you DONT want to manually mod winload

that would take forever

just let Thaimin fix the bugs, he is really busy so be patient

thaimin

@marcusj
Likely almost nothing changed, but a little change and a recompile could make everything not work... I am working on a system now that will allow it to use the file version number to apply the proper patches.

@Mayoral
What didn't work?
Did it go into System Recovery when you restarted? Are you using version Alpha 9?
Was there an error running the program? If so what was the error? (just type it and I will know whats going on)

rockyp

Hi Mayoral,
I had the same problem with my 2nd system, if you updated win it will be restored to original.
First reinstall windows7 & use windows7updater to change. It works.

Mayoral

Quote: Originally Posted by thaimin
@Mayoral
What didn't work?
Did it go into System Recovery when you restarted? Are you using version Alpha 9?
Was there an error running the program? If so what was the error? (just type it and I will know whats going on)

Not works the version Alpha 9 in windows 7 7600 es-ES. I need the certificate to modify winload? I want to change only text in winload.
http://www.sevenforums.com/attachmen...1&d=1293467292


This is the error in the install.

Thanks!!!

joakim

Quote: Originally Posted by Mayoral
Is possible a tutorial... or is possible modify manually winload, only to change the text?
Read post 1. It is supposed to be a tutorial on how to do this manually. It's not hard if you're familiar with hex editors and disassemblers.

Joakim

Mayoral

Quote: Originally Posted by joakim
Quote: Originally Posted by Mayoral
Is possible a tutorial... or is possible modify manually winload, only to change the text?
Read post 1. It is supposed to be a tutorial on how to do this manually. It's not hard if you're familiar with hex editors and disassemblers.

Joakim
Hi Joakim thanks! I modified winload.exe manually. I changed starting windows to "windows 7 lite" but got an error when resetting the installation.
I don`t find this to hack winload for the checksum
at VA 428DC5 change 7418 to EB18
at VA 428DE3 change 0F8400010000 to 909090909090
at VA 428DF6 change 0F871CFDFFFF to 909090909090

Where is this part? I use HxD hex program.

Thanks again

joakim

Quote: Originally Posted by Mayoral
I don`t find this to hack winload for the checksum
at VA 428DC5 change 7418 to EB18
at VA 428DE3 change 0F8400010000 to 909090909090
at VA 428DF6 change 0F871CFDFFFF to 909090909090

Where is this part? I use HxD hex program.
The translation from va to raw offset becomes;
Code:
va 429612 = raw offset 28a12
va 428dc5 = raw offset 281c5
va 428de3 = raw offset 281e3
va 428df6 = raw offset 281f6
It depends on what kind of program you're working with. A pure hex editor will read raw offset whereas a combi tool like hiew will let you patch by using any of the two.

Joakim

SystemUser

Hi guys, i'm new here.

I don't know if it's already been fixed, but i had some trouble with Windows 7 Boot Updater 0.9.
The problem was with the signature of winload.exe, it either failed to boot or got into recovery mode and restored an SRP. I got this issue fixed with the following commands before rebooting

bcdedit.exe /set nointegritychecks ON
bcdedit /set loadoptions DISABLE_INTEGRITY_CHECKS
this way bootmgr skips the Winload (and other files) integrity checks and boots windows successfully. And got a nice Animus bootscreen.
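
The BCD settings named in this thread (testsigning, nointegritychecks, and loadoptions DISABLE_INTEGRITY_CHECKS) relax boot-time integrity checking, so they are worth auditing on any machine where they are not expected. The following is an added example, not code from any poster or from the tool discussed: it parses bcdedit listing text in the layout posted earlier in the thread and reports entries that carry those settings or a loader path other than the stock file name. The sample listing, its GUID and the name winload_custom.exe are constructed, and treating winload.exe and winload.efi as the only expected loader names is an assumption.

```python
import re

# Constructed sample, laid out like the flattened bcdedit listing in this thread.
SAMPLE = """\
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
displayorder {current}
{11111111-2222-3333-4444-555555555555}
timeout 30
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \\Windows\\system32\\winload.exe
description Windows 7
testsigning Yes
nx OptIn
Windows Boot Loader
-------------------
identifier {11111111-2222-3333-4444-555555555555}
device partition=D:
path \\Windows\\system32\\winload_custom.exe
description Windows 7
nointegritychecks Yes
loadoptions DISABLE_INTEGRITY_CHECKS
nx OptIn
"""

TRUTHY = {"yes", "on", "true"}
# Assumption: stock loader file names; anything else is reported for review.
EXPECTED_LOADERS = {"winload.exe", "winload.efi"}
RULE = re.compile(r"-{3,}")


def parse_bcd(text):
    """Split bcdedit text into entries: a title line followed by a dashed rule."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    entries, current, last_key = [], None, None
    for i, line in enumerate(lines):
        stripped = line.strip()
        if not stripped or RULE.fullmatch(stripped):
            continue
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if RULE.fullmatch(nxt):
            # The line above a dashed rule is the entry title.
            current = {"type": stripped, "settings": {}}
            entries.append(current)
            last_key = None
            continue
        if current is None:
            continue
        # Continuation of a multi-value setting (e.g. displayorder): indented in
        # real output, or a bare "{guid}" line once the listing is flattened.
        if last_key and (line[0].isspace() or stripped.startswith("{")):
            current["settings"][last_key].append(stripped)
            continue
        key, _, value = stripped.partition(" ")
        last_key = key.lower()
        current["settings"].setdefault(last_key, []).append(value.strip())
    return entries


def audit(entries):
    """Return (identifier, setting, value) for each integrity-relevant finding."""
    findings = []
    for entry in entries:
        s = entry["settings"]
        ident = s.get("identifier", ["?"])[0]
        for flag in ("testsigning", "nointegritychecks"):
            value = s.get(flag, [""])[0]
            if value.lower() in TRUTHY:
                findings.append((ident, flag, value))
        opts = " ".join(s.get("loadoptions", []))
        if "DISABLE_INTEGRITY_CHECKS" in opts.upper():
            findings.append((ident, "loadoptions", opts))
        if entry["type"] == "Windows Boot Loader":
            path = s.get("path", [""])[0]
            name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if path and name not in EXPECTED_LOADERS:
                findings.append((ident, "path", path))
    return findings


if __name__ == "__main__":
    for ident, setting, value in audit(parse_bcd(SAMPLE)):
        print(f"{ident}: {setting} = {value}")
```

To check a live system, feed the function the saved text of a bcdedit listing taken from an elevated console instead of SAMPLE.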

thaimin

@Mayoral
None of us have tried to install with these modified files only modify them after install. My eventual goal is to install with them, however I haven't gotten that far yet. You may need to update something else to get them to install right.

@SystemUser
The new version is supposed to not require any bcd changes. Although you are right that with a little help the new version still does work.

@all
I have been working on a bunch of new code. Instead of hard-coding all the hacks, I have made an updatable patching system that is version-based (so it applies the proper patches to the proper version files). So far I have made it reproduce the hacks included in Alpha 9. It automatically checks for updates on the web, so this will help in the future when the program is working but needs to adapt to new file versions.

With this system in place I will soon do more testing to find why many pre-SP1 versions are failing and entering System Recovery. I have a system here that exhibits that behavior so I can test. I may be able to figure out the SP1 hacks as well. At some point during this I will release an Alpha 10.

Beta 1 will come eventually, and I am planning to have it working for nearly everyone (up to and including SP1) with the fancy background image. I then plan on working on an installer, the sharing website, winresume.exe correctly working, and efi.



GEORG

Thanks for info you are the best !!!

marcusj0015

thanks Thaimin,

if you need anything ill be glad to help

i have a little side project too hopefully it will come to fruition soon.

eetzi96

Hi Thaimin, Could I get a Download Link for alpha 8 because alpha 9 is not working for me right now and I accidentally deleted the one I had.

blkwlf

@thaimin:

Did you get busy again? Are you going to do anything with using custom fonts?

RBCC

thaimin

This is great stuff!

Thanks for all your hard work thaimin

eetzi96

@GEORG, marcusj, blkwlf
Thanks for the support!

@eetzi
I would prefer not to go backwards... However the new version will actually work if you turn on "no verify" like in a previous post in this forum (by SystemUser I believe). If that doesn't work I can look for my copy of it and upload it.

@RBCC
I am always busy since this isn't my job. However I am not always as busy as I was before. I am working on this in my freetime so development will be slow.

Custom fonts were becoming a mess so I decided to remove them as long as the full image background works because then you could use any font at all (and not just specific types with specific names and tons of internationalization issues).

Background images have not been tested at all. I just upgraded my laptop to Windows 7 (it's my primary computer and was still on Vista). I also am building a new desktop which is where all my testing happens (it runs VMs great). So basically I haven't been able to work on it. The dynamic patching system was important and big and is working so it's not like I haven't done anything.

maherDP

Tried turning on "no verify" thing but still not working, I always get the same message as before


joakim

I have the same problem

Guest

Just letting you know that I've started testing code to draw bitmaps with winload.exe. Does not currently work, but at least some progress has been made.

Joakim

marcusj0015

how much longer Thaimin?

ill test the latest version ASAP, just tell me when there is a new build



joakim

Just had a look at the sp1 (x86), version 6.1.7601.17124, files and almost nothing has changed. The security of winload.exe is still the same, meaning the same hack will still work. It will have a slightly different offset though. VA 00429684 or raw offset 0x28a84.

@thaimin1
Your bmzip tool does not work on the new bootmgr. However since the security of bootmgr and winload.exe is almost identical, I would assume bootmgr's hack also still works. Actually there is no need to have the new version. Just replace with the old one, if you can't get it going.

@thaimin2
The bitmap drawing development has now halted completely. Whenever you're ready, I'll send you my current implementation and the notes. I think we need to add our own code to load bootres.dll, instead of depending on the existing (this is what I think is the current issue).

Joakim

thaimin

@joakim

I have been busy, although I have read all of your personal message joakim, so I have been following, just haven't been able to think about them and respond. I have finally setup my virtual machines on my new computer so I can start testing again!

The SP1 also has a change in winload.exe, as I can see in the picture given by GEORG in post #430: How to change boot animation in Windows 7. The change is with one of the background / text / color properties. This should be fairly easy to find knowing that. With my new patching system it should also be very easy to make the change in the program (just have to say for version 6.1.x.x do this hack instead). I actually don't use offsets at all, so we'll see if it even needs to be updated!

Sad to hear that bmzip doesn't work anymore. I will have to do a brief investigation, and maybe revert to copying the old one (although I would prefer not).


@marcusj
Soon, hopefully. I have a bit of time now, and I have finished transitioning to new computers, so I can work on it.


@eetzi96 and maherDP
That is a serious problem. It looks as though the decompression of bootmgr is failing with an access violation (attempt to read or write protected memory). If you have SP1 then the issue may be the same as what joakim was talking about. Otherwise, I will have to do some further studies. Can you send me your bootmgr file so I can investigate?

When Reporting Errors: please copy the output from my boot-versions program: Coder for Life - Project - Win 7 Boot Updater: Extras. It will tell me a lot about the system and files you have and help me fix the problem. Most people will probably want the GUI version.


@GEORG
I hope to start testing SP1 soon. Thanks for the link!


@all
I have revamped the core of the program separating the 'core functions' and the GUI. They are separate programs now which means in the future I will be able to make different interfaces easily (like an installer, command line, etc). It also helped with my organization, it was getting a little difficult with 65+ source files... with that task out of the way I can focus on fixing the issues.

eetzi96

What's happening with the boot updater! John

GEORG

@for all who had the same problem as I

I found out that the bootmgr file in my case was not located on hiddenpartition. I just changed the location in bootupdaters options from hiddenpartition to C:\Windows\Boot\PCAT\bootmgr

Now I successfully updated animation and both texts.

marcusj0015

Quote: Originally Posted by thaimin
@joakim

When Reporting Errors: please copy the output from my boot-versions program: Coder for Life - Project - Win 7 Boot Updater: Extras. It will tell me a lot about the system and files you have and help me fix the problem. Most people will probably want the GUI version.
Hi here my Boot Info for you !!!

Windows Version: 6.1.7601
Service Pack: 1.0
Product / Type: Home Premium / Workstation
Platform: x64

bootmgr
----------------------------------------
Path: C:\Windows\BOOT\PCAT\bootmgr
File Version: 6.1.7601.17514
Product Version: 6.1.7601.17514
Platform: x86

winload
----------------------------------------
Path: C:\Windows\system32\winload.exe
File Version: 6.1.7601.17514
Product Version: 6.1.7601.17514
Platform: x64

winresume
----------------------------------------
Path: C:\Windows\system32\winresume.exe
File Version: 6.1.7601.17514
Product Version: 6.1.7601.17514
Platform: x64


joakim

Thaimin, you should patch BOTH bootmgr,
in hidden partition, and at C:\Windows\Boot\PCAT\Bootmgr

to cover all bases

GEORG

OK so I just noticed you had recompiled a new version on 12.01.11, and it works with newest bootmgr. I'm sorry for running the test on old version of bmzip. Some strange things about bootmgr. There appear to be 2 different versions of 6.1.7600.16385, one dated 13.07.09 and the other one 01.04.10. They have the same version number as well as the same internal compiler timestamp in the pe header (13/07/2009 23:11:27). However, they are signed on different dates (and have a 2 KB size difference). Is this an April joke? Or is it me running Embedded (but sp1) that is the cause? Anybody have a new (non-Embedded) bootmgr to send me?

Regarding bitmap drawing:
Could it be easier to embed the bitmap inside winload.exe itself and rewrite a modified copy of the function ResFindDataEntry (instead of BlResourceFindDataFromImage)? I also notice that bootmgr is not happy with the way certain pe (resource) editors add a resource to winload.exe (good old reshacker still works though).

Joakim

joakim

Hi

Here my original files from Windows 7 Service Pack 1 64 Bit (bootmgr + winload.exe + winresume.exe = 6.1.7601.17514) for you:
Standard.ZIP


Guest

Thanks, I'll take a look.

joakim

Decompression works perfect on version 6.1.7601.17514 (win7sp1_rtm.101119-1850). The same signature hack still applies, but now at VA 00421ec7 (replace 7416 with 9090).

But something went wrong in the recompression, as the stub complained about the checksum. A bug or did I misunderstand how the stub and "frames" were supposed to be reassembled again? Anyways, just deactivate it by changing 7403 with eb08 at offset 0x105e, and you will get no more complaints.

Joakim



GEORG

Hi

make it in the next Alpha version for testings ???

thaimin

I am still working on trying to identify the issue that causes half of the people to go into Windows Recovery...

In the mean time though I have been adding some SP1 stuff. I have done my initial testing with 64-bit SP1 and it can successfully run the program and apply, now I just need to run it in a VM to see if it works. Also I need to find the 32-bit SP1 differences and test them.

I have also started to add winresume code. It took a bit of restructuring of my code but I believe the code is in place. I just need to find the hacks now (I need to convert the hacks from winload to winresume, they should be nearly identical, but likely there will be a few differences).


I plan on finishing the above (half of people in Windows Recovery, SP1, and winresume) soon (a week or two?) and releasing the next alpha. If the majority of people say that it is working, I will probably add a few tweaks/fixes and release a beta, with confidence that it will work for most people.

I will release a couple of betas, adding extra features such as boot skin sharing and installers, along with fixing any issues that come up. Since the patching is now separate I can update those at any time as new versions of the files are made available.

thaimin

@joakim
Awesome that the newer bmzip worked (some very minor tweaks that I guess were important!). Weird about the checksum thing, and that certain resource editors cause problems. Also, I noticed the two 'versions' of bootmgr as well (when just go through the update files). In fact there are also bootmgr.exe files (2, identical)! Already decompressed! They are the same as the 2 KB larger bootmgr final program, decompressed. So my guess is that the larger bootmgr is the right one.

I am sorry that I haven't been able to provide any feedback with the image stuff yet, but hopefully this weekend.


@GEORG
Thanks for the info, it tells me yours isn't working because you have SP1. Now I need the info from the people that aren't using SP1. They are the mysterious ones.

@eetzi96
Glad you figured it out. It is weird that you have a hidden partition with bootmgr (that doesn't seem to be a valid bootmgr) but the important bootmgr is on your main drive. Do you have anything special with your boot setup (e.g. dual boot, WinPE, PXE, ...?).

@marcusj0015
Many people don't have the hidden partition (the choice is obvious in those cases). However for eetzi96 it seems as though I was unable to patch the hidden bootmgr and it freaked out, thus patching both would also freak out. But maybe I can work something out.

marcusj0015

What is the difference between Windows 7 and Windows 7 SP1 besides having all the updates? Is there a difference? John

GEORG

what exactly do you mean RBCC?

with SP1 almost all areas of Windows has been updated.

there is a vast amount of differences.

try to narrow it down and i'll try to help, but i can't help without knowing exactly what you mean.

eetzi96

Ok thanks for info you are the best !!!

marcusj0015

Quote: Originally Posted by thaimin
@eetzi96
Glad you figured it out. It is weird that you have a hidden partition with bootmgr (that doesn't seem to be a valid bootmgr) but the important bootmgr is on your main drive. Do you have anything special with your boot setup (e.g. dual boot, WinPE, PXE, ...?)
No I don't have anything special. Bought an OEM version of Finnish windows 7 almost right away when it was released. Sure I have modified logonscreen and themes but I don't think it should affect anything.

Guest

How do I go about applying the Service Pack like the Vista sp1? Or can I slipstream it ?
can I download it then slipstream it? John

Guest

i personally think slipstreaming is a bad idea, and can lead to windows just not working right.

if you slipstream it, what's to say that the program you slipstream it with added the registry entries properly?

that's exactly what happened with Vlite.

if i were you i would install regular windows 7 on a separate partition, and install all patches and then SP1, then capture the image, then burn.

that way everything is installed right.

and while you're at it you can update DirectX, and make it so you can install it and jump right into using it after, without having to set everything up!

thaimin

@RBCC
If you have questions about SP1 then either search Google, search this forum, or start a new thread. This thread is about changing the boot animation in Windows 7 and at least slightly related things. Slipstreaming is not related.


A brief update on my progress. I have found all the hacks and done my initial testing. I am working through the following problems:
  • The Windows Recovery issue that happens to a random set of people in Alpha 9
  • Winresume:
    • My testing might be wrong because it's in a VM and those don't fully support hibernation but here goes:
    • 32-bit original/SP1: Worked the first time (original), although I had a different issue which caused no messages to show up. After that it only got to showing the messages and doesn't show the animation, and freezes.
    • 64-bit original/SP1: after animation, black screen, and freeze
I still need to test long copyright notices in all (32/64 RTM/SP1) otherwise the tests above include all features in the program.



GEORG

Nice info thanks thaimin im waiting for testing !!!

thaimin

Are you working on the Background? Also changing of fonts in copyright? Or is that all but forgotten? RBCC

marcusj0015

@RBCC

READ THE THREAD or the emails I send you personally! Below are quotes that I have said before, some directed at you when you previously ask similar questions. We are working on this, but this is not our job, so it doesn't get priority. If you need something like this done on your schedule, then hire programmers. You are already on my email list, I will inform you of major updates and major updates will be posted here. I even regularly post minor updates to my progress here (in fact two entries above I have some things I have been working on). If you would like me to start submitting progress reports and time-sheets to you I will require a paycheck.

Quote: Originally Posted by thaimin
Custom fonts were becoming a mess so I decided to remove them as long as the full image background works...
Quote: Originally Posted by joakim
Just letting you know that I've started testing code to draw bitmaps with winload.exe
Quote: Originally Posted by joakim:1191121
Regarding bitmap drawing
Quote: Originally Posted by thaimin
I am sorry that I haven't been able to provide any feedback with the image stuff yet, but hopefully this weekend

thaimin

Thaimin, i tried again using YOUR animation.bmp and i saved it in photoshop as 24 bit BMP and loaded it and the animation IS NOT corrupt, like it was a while ago.

here is my .bs7 file with all my settings so you can see.

hopefully it helps!

MEGAUPLOAD - The leading online storage and file delivery service

marcusj0015

What is the issue though? There is nothing wrong with what you have done.

thaimin

no, there is no issue, remember when i showed you how the animation looked like smeared and everything?

it works now, i'm not sure what's different, but it works.

marcusj0015

Oh yeah, that was fixed awhile ago. I made the system much more robust. The issue that you had before was the file had a DPI specified (whereas most files don't have any DPI). I corrected that among many others.

marcusj0015

oh ok, i thought it was still being worked on,

and what is DPI?

like dots per inch?

and did you correct the actual file, or did you make your app adjust those settings automagically?

Guest

am i like, the thread killer?

or something?

thaimin

No you aren't. I am just busy...

DPI is dots per inch. I made the program automatically use straight-up pixels and ignore the DPI (which it uses by default if the file includes it).



thaimin

Sorry I am bugging you too much!

thaimin

I would like to announce that I have done the first successful full-background image! I was able to have a 24-bit BMP image drawn instead of the text and then the animation is drawn on top of that. I will not be including this in the next version of the program since it still needs much work, but the one after should have it.

The holdups for the next version are (in order of importance):
  • Winresume locking up
    • 32-bit locks up right after text is drawn, before animation
    • 64-bit locks up after the animation and it is done resuming, on a black screen
  • Need to fully test long copyright texts
  • The problem that causes random people to enter System Restore

joakim

@joakim
This message will be quite technical, so I decided to separate it out.

The tests were done in Windows 7 32-bit, pre-SP1, with TESTSIGNING enabled on both {bootmgr} and {current} and boot debugging on {current}. I used no other hacks besides the new function.

As you suggested, I switched the whole function over to using RC_DATA 1 in winload.exe instead of RC_DATA 2 in bootres.dll. The changes here were to use "and eax, 0; and ecx, 0" instead of "mov eax, ...; mov ecx, ...". And changing the id to 1 instead of 2. This will have the added benefit of allowing different images for boot-up and resuming.

I found that there were numerous issues with the code I sent you since I didn't understand how to write a function from scratch in assembly. What I did to make the function work properly was continually change the bytes, have IDA re-disassemble the file, and then use Hex-Rays to decompile my function. I tweaked it until the decompiled function looked as expected.

There is still one major issue however. The call to the new function is "messed up". But it shouldn't be... In the file it looks fine (and I checked the actual file being run) [E8 87 5F 05 00] but while debugging it changes to [E8 87 2F 18 00]. No other function call is doing weird things. I finally got around this by using WinDbg to change the code back to [E8 87 5F 05 00] while it was already running and it worked.

What do you think about that last issue? Is it something with re-basing the code when it is loaded? The base specified in the file is 0x400000 but the file is loaded at 0x52D000 when actually run. The difference there (0x12D000) is the exact difference that is introduced... The reason it may only be affecting that one spot is that the code it is replacing is an absolute memory reference. So maybe the relocs table has to be updated...

thaimin

@thaimin: I am inquisitive are the holdups for the next version should be ironed out if one thing is working then all should work?
Good job, thaimin!

joakim

Quote: Originally Posted by thaimin
I found that there were numerous issues with the code I sent you since I didn't understand how to write a function from scratch in assembly. What I did to make the function work properly was continually change the bytes, have IDA re-disassemble the file, and then use Hex-Rays to decompile my function. I tweaked it until the decompiled function looked as expected.
Thanks for giving such an utterly excellent example of a trial & error method. I never thought of this.

Quote: Originally Posted by thaimin
What do you think about that last issue? Is it something with re-basing the code when it is loaded? The base specified in the file is 0x400000 but the file is loaded at 0x52D000 when actually run. The difference there (0x12D000) is the exact difference that is introduced... The reason it may only be affecting that one spot is that the code it is replacing is an absolute memory reference. So maybe the relocs table has to be updated...
I also ran into this issue and ended up hardcoding the "rebased" memory location at certain places (not all of them actually). I never really understood why only certain parts needed this, but I managed to get it work, at least in terms of making the call to the right location, and continue execution as expected. It certainly looked weird. However my code (or mostly yours) about the bitmap drawing didn't work at the time, so no image was drawn. But the system booted fine anyway. If you can send me a sample with a working bitmap drawing, I'll try to fix the addresses. But believe me, it is not difficult, and I feel you are way more skilled than me.

I will also be extremely busy at work in the next days, but I will try to squeeze in a few minutes. If not tonight, then it must be next week sometime.

Joakim

thaimin

@joakim
I did just a little bit of additional research and got it to not relocate it! The PE file has a section called ".reloc" and a data directory IMAGE_DIRECTORY_ENTRY_BASERELOC (both should point to the same place in the file). It lists all the places where relocations need to occur. Very near the beginning was the one we were looking for. Changing it to 0s made it ignored (whenever the first 4 bits are 0, the entire relocation entry is ignored).

You can read more about them at Peering Inside the PE: A Tour of the Win32 Portable Executable File Format in the section "PE File Base Relocations" and Inside Windows: An In-Depth Look into the Win32 Portable Executable File Format, Part 2 in the section "Base Relocations". I used PE View (WJR's PEview(PE/COFF File Viewer), xlatHinc, M(Mandelbrot Set), Awpm) to look at the file and find it.

I zeroed it out, retested, and voilà it works! I will have to add a little something to my program to automatically search for and zero out overwritten relocations.

I will send you an updated document soon with how this all finally worked. As a note there will likely be some changes to get it to work in 64-bit.

Quote: Originally Posted by joakim
Thanks for giving such an utterly excellent example of a trial & error method. I never thought of this.
Thanks! I thought it was pretty clever too, and actually went pretty quickly. Some changes I could do right in IDA without re-disassembling (as long as they were the same length assembly instructions).

@RBCC
Each one is its own thing. I may have fixed the 32-bit winresume issue just I haven't tested. I have no idea about the 64-bit winresume issue at the moment. The long copyright testing I am quite certain works, I just haven't tested it since I changed my patching system and got SP1 working. The last one I have one idea left to test, and hopefully that will be it! Otherwise I will release it with that issue still there. All in all, this isn't too big of problems to work out, and hopefully this weekend, time permitting, I will release it.
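The relocation effect described in the post above, as an added example that is not part of the original thread or the project's code: it replays a HIGHLOW base relocation over the patched call bytes and lists relocation entries that overlap a patched range. The image base, load address and call bytes are the ones quoted in the post; the RVAs and the tiny image layout are constructed for illustration.

```python
import struct

# Relocation types from the PE/COFF format (top 4 bits of each 16-bit entry).
IMAGE_REL_BASED_ABSOLUTE = 0  # padding: the loader skips the entry
IMAGE_REL_BASED_HIGHLOW = 3   # add the 32-bit load delta to the DWORD at the target

# Values quoted in the post.
PREFERRED_BASE = 0x400000
ACTUAL_BASE = 0x52D000
PATCHED_CALL = bytes.fromhex("E8875F0500")

# Constructed for this example (the post does not give these).
PAGE_RVA = 0x1000
POINTER_RVA = 0x1010  # a genuine absolute pointer that must be relocated
PATCH_RVA = 0x1070    # where the 5-byte call replaced an absolute memory reference


def build_block(page_rva, entries):
    """Pack one IMAGE_BASE_RELOCATION block from (type, offset) pairs."""
    words = [(rtype << 12) | (off & 0x0FFF) for rtype, off in entries]
    if len(words) % 2:
        words.append(0)  # ABSOLUTE padding keeps the block 4-byte aligned
    header = struct.pack("<II", page_rva, 8 + 2 * len(words))
    return header + struct.pack("<%dH" % len(words), *words)


def parse_reloc_blocks(data):
    """Yield (page_rva, [(type, offset), ...]) for each block in .reloc data."""
    pos = 0
    while pos + 8 <= len(data):
        page_rva, block_size = struct.unpack_from("<II", data, pos)
        if block_size < 8 or pos + block_size > len(data):
            break  # terminator or malformed block: stop parsing
        count = (block_size - 8) // 2
        raw = struct.unpack_from("<%dH" % count, data, pos + 8)
        yield page_rva, [(w >> 12, w & 0x0FFF) for w in raw]
        pos += block_size


def apply_relocs(image, reloc, delta):
    """Return a copy of an RVA-indexed image after applying base relocations."""
    out = bytearray(image)
    for page_rva, entries in parse_reloc_blocks(reloc):
        for rtype, off in entries:
            if rtype == IMAGE_REL_BASED_ABSOLUTE:
                continue  # ignored, which is why zeroing an entry disables it
            if rtype != IMAGE_REL_BASED_HIGHLOW:
                raise ValueError("unsupported relocation type %d" % rtype)
            rva = page_rva + off
            (value,) = struct.unpack_from("<I", out, rva)
            struct.pack_into("<I", out, rva, (value + delta) & 0xFFFFFFFF)
    return bytes(out)


def relocs_overlapping(reloc, start_rva, length):
    """RVAs of HIGHLOW entries whose 4 target bytes touch [start_rva, start_rva+length)."""
    hits = []
    for page_rva, entries in parse_reloc_blocks(reloc):
        for rtype, off in entries:
            rva = page_rva + off
            if (rtype == IMAGE_REL_BASED_HIGHLOW
                    and rva < start_rva + length and rva + 4 > start_rva):
                hits.append(rva)
    return hits


def demo():
    image = bytearray(0x2000)
    struct.pack_into("<I", image, POINTER_RVA, PREFERRED_BASE + 0x1234)
    image[PATCH_RVA:PATCH_RVA + 5] = PATCHED_CALL
    delta = ACTUAL_BASE - PREFERRED_BASE  # 0x12D000, as in the post

    # The stale entry still targets the old absolute operand at PATCH_RVA + 1.
    stale = build_block(PAGE_RVA, [(IMAGE_REL_BASED_HIGHLOW, 0x010),
                                   (IMAGE_REL_BASED_HIGHLOW, 0x071)])
    # Same table with that one entry zeroed (type ABSOLUTE, offset 0).
    zeroed = build_block(PAGE_RVA, [(IMAGE_REL_BASED_HIGHLOW, 0x010),
                                    (IMAGE_REL_BASED_ABSOLUTE, 0x000)])

    loaded_stale = apply_relocs(image, stale, delta)
    loaded_zeroed = apply_relocs(image, zeroed, delta)
    return {
        "delta": delta,
        "overlaps": relocs_overlapping(stale, PATCH_RVA, len(PATCHED_CALL)),
        "call_with_stale_entry": loaded_stale[PATCH_RVA:PATCH_RVA + 5].hex(),
        "call_with_zeroed_entry": loaded_zeroed[PATCH_RVA:PATCH_RVA + 5].hex(),
        "pointer_after_load": struct.unpack_from("<I", loaded_zeroed, POINTER_RVA)[0],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```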

Guest

Very nice! Thanks a lot! I've read the book/article more than once in the past. But I guess it helps to re-read it at certain intervals whenever your knowledgebase has increased and you're able to digest more of the info.

Could you also attach a sample winload.exe at the same time (I barely have any time left at all, and will thus not have time to implement the new code before debugging)?

Joakim

Guest

Thaimin:

Will this be in form of a alpha ie alpha10? Or could you release as a patch for 9? RBCC

Guest

@RBCC
This will be a new program: alpha 10. Alpha 9 (the current) and before have no means to be 'patched'. Alpha 10 has minimal means of being patched (only its knowledge of where to look to replace things in the system files). Any additional work (many of the things I am and will be working on) will require completely new programs. If you haven't noticed you download a single program file, it does not install anything... Please think about things before you ask.

marcusj0015

RBCC, chill out a little man, it will be done when it's done.

and you will be sure to know.

it will probably be all over the internet.



xxrazor

While i have managed to get the boot animation to work, i am trying to find all the files to batch into a new OS.

What i need to know is the Directory path of each file required to load in the new OS, especially Winload.exe, in which i have signature issue when booting to New OS.

I am trying to get the animation to work on new install and when loading in the New OS.

Thanks for the help

cheers
xxrazor

marcusj0015

open up the boot animation app, click the options tab.

it will list all the hacked files, with the path to said files.

thaimin

@xxrazor
Some of the files may be in the boot.wim. You probably need to replace the files in boot.wim entry 1 and 2, and the entry in install.wim that you want to modify. The "Options" menu lists their actual locations (Windows\...). No one has really tried to get this to work by modifying files pre-install. Please tell me how it goes since that is my eventual goal.

yuri0510

very good job thaimin and all the others hope you get the result very soon

marcusj0015

Thaimin, we have a problem.

someone ripped off our work (by our i mean everyone that contributed.)



link to infringing work: My7Vision.Fr - My 7 CustoBox v1.1.2.0

i don't know what you want to do about it, it is only your decision, as you wrote it.

thought i would tell you.

i would be pissed.

thaimin

There are a number of works I have seen that include my EXE. Many on deviantART. This is why the current and future versions all include my information, links, you guys' names, and the license embedded in the program, accessible in the About menu. It's not ripping off my work, it is disseminating it.

The things that I am worried about is a company like Dell using it to brand every machine they sell. That's why I am forbidding commercial use. I am working with a few companies that want to brand their machines.

I want to make an installer for those people that want to spread their designs using my software. That way there is a consistent and 'controlled' installer that uses my software. I am getting close to being able to do that, although I am working on many little bugs that are being a b**** to track down. I hoped to release awhile ago, but it's taking longer than I would have hoped.

rockyp

Great Thanks thaimin
waiting for your new release.

marcusj0015

ok, it's fine if i make my Cloud7.bs7 on my DeviantART right?

and thanks for including my name in the about menu, i never noticed that!

thanks!

if i knew how to code i would help with that,

what language is it written in?

my twin sis is taking a programming class, so i might be able to help.

thaimin

It is a bit, and I must agree that most people on deviantART do give me credit. But for those people who don't want to, the program gives me credit.

It is written in multiple languages: C, C++, C++/CLI, C# and assembly. Very convoluted. However there may be something you can help with soon. I have separated the interface from the core. The core can be in a stand-alone DLL file, with everything required to modify the system, and even load and save BS7 files.

One thing that would be great to have as a new interface is an installer. I think using NSIS would be a good way to go. Here are some of my initial thoughts on it:
  • There is an NSIS plugin to use functions in CLR (.NET) DLLs like the one I have created: Call .NET DLL methods plug-in - NSIS
  • The installer would have to have the BS7 file within it
  • It would possibly have an "Advanced Options" page to set the destination files
  • The uninstaller would restore the files
The NSIS has its own language, and I would prefer not to have to continue learning new languages...

xxrazor

Quote: Originally Posted by marcusj0015
open up the boot animation app, click the options tab.

it will list all the hacked files, with the path to said files.
Thanks mate, that may help.

Since i was unable to get the new beta version to work for me, i have been using the older Alpha version which does not have the Option selection.

In saying that i do have the beta version, and will check out the option selection for all the paths within.

Quote: Originally Posted by thaimin
@xxrazor
Some of the files may be in the boot.wim. You probably need to replace the files in boot.wim entry 1 and 2, and the entry in install.wim that you want to modify. The "Options" menu lists their actual locations (Windows\...). No one has really tried to get this to work by modifying files pre-install. Please tell me how it goes since that is my eventual goal.
No problem mate, this has been my ultimate goal, i will be in touch when it is successful.

Happy to pass on the info.

cheers
xxrazor



marcusj0015

lol about learning the new languages,

i think your best bet, would be similar to the 7-Zip self extracting archive.

it could hold the 7boot app inside the bs7 and somehow run it from within the archive, and extract itself and the resources.

oh, no offense, but could you put my full name in the about tab, Marcusj0015 you forgot the 0015 part.

or you could put in my deviantart account which is more important to me, BumbleBritches57

thaimin

@xxrazor
The old version (Alpha 8) requires testsigning to be turned on which you can't do for a new install. You must use at least version Alpha 9 which attempts to work around the testsigning requirement.

@marcusj
The problem with a 7-zip self extracting archive is it provides no method for uninstallation. If someone wants to try out the animation then try another it will complain that the files are already modified. If they want to remove it or whatever they would be lost. Also, apparently these modifications interrupt some Windows Updates so uninstallation and reinstallation may be required just to install some Windows Updates.

I will correct your handle for the next version. Sorry for the oversight.

xxrazor

Quote: Originally Posted by thaimin
@xxrazor
The old version (Alpha 8) requires testsigning to be turned on which you can't do for a new install. You must use at least version Alpha 9 which attempts to work around the testsigning requirement.
I was unable to get Alpha 9 to work at all, on reboot it goes to startup recovery every time.

Alpha 8 is the only one that would change boot animation.

cheers
xxrazor

thaimin

@razorxx
The with issue Alpha 9 seems to only shows up when you don't have the hidden partition. The default for a new install is to have that hidden partition, so it should work. I can assure you that Alpha 8 will fail when integrating it into a new install.

marcusj0015

ok thanks Thaimin,

for the windows update problem, do you know HOW it throws off Windows Update?

what are you thinking on how to make the installer?

thaimin

Windows Update supposedly fails with errors 80070643 and/or 80071A91 only with certain updates. This was reported to me by someone. I haven't experienced it.

As I said previously, I believe that NSIS would be a great way to make an installer.

xxrazor

Quote: Originally Posted by thaimin
@razorxx
The with issue Alpha 9 seems to only shows up when you don't have the hidden partition. The default for a new install is to have that hidden partition, so it should work. I can assure you that Alpha 8 will fail when integrating it into a new install.
You may need to explain this comment

"The with issue Alpha 9 seems to only shows up when you don't have the hidden partition"

Can you explain what i need to do to get Alpha 9 to work base on the comment above please.

I have a patch that enables you to install Windows 7 without being forced to create the hidden partition.

You need to mount boot.wim image 2 and substitute "sources\winsetup.dll"

When you boot from the dvd and you get to the "Where do you want to install Windows?"
screen, If you choose next you will get the normal partition layout with the hidden partition.
But if you click "Drive Options (advanced)" you can create a partition using the whole disk and the hidden partition will not be forced upon you. Thank To Neuropass

Thanks Mate
cheers
xxrazor

marcusj0015

what that means, is if you DON'T have the hidden partition, it won't work right now, and Thaimin is trying to work out the bug and it will take some time.

marcusj0015

Thaimin, what is NSIS?

thaimin

thaimin

what about inno setup? NSIS is another installer that is free! Please explain something, if you do have a hidden partition it works? Isn't about everybody who haven't used @xxrazor's patch?

RBCC



GEORG

@RBCC
Many people do not have hidden partitions, xxrazor's case is a very special one in that from an unattended install on a clean computer there will be no hidden partition.

The other ways to get no hidden partition is to be installing Windows onto a computer that already has an OS (Linux, Mac OS, Windows XP or earlier, ...). This is likely the most common way to have no hidden partition, initially I thought it was the dual-boot setup itself that caused the issue.

The last way I know (which is how I did my testing) is to use a utility to partition the drive before installing Windows. Some manufacturers use a system similar to this so that the end-user machine has no hidden partition. When I ran into a person with this situation it is when I knew that it was the absence of the hidden partition causing the problem.


@RBCC
I am new to this whole installer thing, and my initial (very brief) search turned up NSIS. Inno Setup looks promising as well. Seeing that I haven't actually started making the installer, I can still change which one I will use. Thanks for the input!


@marcusj0015
NSIS is a script language that can be compiled into an installer. Inno Setup is the same idea.


@all Important!
I am proud to announce that I have successfully fixed that darn bug causing problems with people who didn't have a hidden partition. In fact it uses a very smart system now to find the exact bootmgr that you are using (even if you have the hidden partition with a bootmgr but use one on your main drive, it should still work!). I plan to use this smart system for the other files (winload, winresume), but that will come in a later version so I can release the current one.

I have also added complete winresume support. You can edit the resume screen completely independent of the boot screen!

It also has complete SP1 support!

There have also been other numerous, less obvious, changes as well.

I will hopefully release the new version tomorrow, I still want to run one last set of tests on all systems (x86/x64, RTM/SP1, with and without hidden partitions).


Hopefully this next release will have no big hang-ups, and I will release the first beta with a full-image background support.

moinmoin

Good news thaimin thanks !!!

marcusj0015

Wow great, thaimin. Many many thanks for your work.

for those, looking for a boot screen: Deskmodder.de - Windows 7 Boot screens - Boot animationen

Unknown ID

Thaimin, IExpress, will add modded files and a cmd script to move the modded files to their correct locations. i think this is perfect.

just another idea, and it's built in, so you should check it out.

and i find CMD files easier to write, because i know the scripting language.
and if you want me to write a big cmd file with variables i would love to help, it's the only programming thing i can help with.


Great job Thaimin!
sounds like your app is finally coming together, like we all have been hoping and working for.


@Moinmoin,
that is pretty awesome, too bad it isn't Optimus Prime, Or BumbleBee From Transformers doing that.

that would be AWESOME!

marcusj0015

Cool bro

thaimin

Has anybody figured out how to "shut down" patchguard on a file by file basis? Is there a way so winload.exe can be altered or do you alter winload.exe.mui instead?

thaimin: Sounds great I see you finally got some thing to work on it, things must have been busy for u!

RBCC

joakim

i don't have much info about patchguard, but you can't turn it off.

he just patches winload.exe, as winload.exe contains the program code, and winload.exe.mui, only contains the resources contained in winload.exe, but no code.

Guest

@all
I accidentally deleted the entire project (using shift+delete so it skipped the recycle bin). I was able to recover most of it, but since then I have been busy restoring files. I have got everything back, but this has delayed my testing. So still stay tuned!

@RBCC
I have told this to you before. Patchguard only protects files after the main kernel (ntoskrnl) takes over. bootmgr and winload are their own kernels (technically bootmgr is a kernel and winload is a library it loads). This means I need only disable the security of them checking themselves. I do this already in Alpha 9! I disable all checks on bootmgr, bootmgr.exe.mui, bootres.dll(.mui), winload.exe(.mui), and winresume.exe(.mui). The winresume checks are only disabled in the upcoming version since it is the first to support modifying winresume.

Guest

@RBCC
Whatever security mechanism you want to alter, a file by file basis must be a pain to implement. All (files) in one is a lot easier, usually.

marcusj0015

glad you got everything back thaimin, you might wanna make a backup.

and you should look into IExpress.exe for your patcher



thaimin

It's up! v0.0.0.10 Alpha is up!

Coder for Life - Project - Windows 7 Boot Updater

I tested it the best I could in VirtualBox, however I found out that Windows 7 x64 can NEVER resume in VirtualBox, so I had to skip all 64-bit winresume tests.

Hope that this version is much more successful overall. I will be emailing everyone who emailed me through my website tomorrow, so you guys get a "sneak peek".

A couple of major notes about this version:
  • It now requires .NET Framework 4.0 (unless you download a version built for .NET Framework 2.0 which I will be fading out)
  • The BS7 format changed so old boot skins won't work. If you want yours converted, I can do it for you.
If this version is working well, I will try to release a beta soon, marking the fact that it isn't unstable anymore. My next planned features are:
  • Better defaults for winload/winresume based on BCD data (I can find out exactly the winload and winresume you are using)
  • Full image backgrounds
  • An installer system and a sharing website

If anyone is looking for a good read, look at this: FGA: The Windows NT 6 boot process


@marcusj0015
I had an old-ish backup (approximately right before Alpha 9 was released). I just made a backup and will be setting it up to do automatic backups from now on... I learned my lesson.

@marcusj0015
Due to "TrustedInstaller" owning all the files I need to modify, CMD scripts don't really work. My program does a bunch of work to make the file accessible. Additionally, just providing modded files means that as soon as a Windows Update comes along, everyone has to make a new installer! Seeing that I now have a DLL version of my program, and a single call can do the update, I just need to make the right package!

xxrazor

Thanks mate, i will let you know how i go.

cheers
xxrazor

GEORG

Hi
the Win7BootUpdater.exe no starting in my Windows 7 64bit sp1 no starting when i starting the exe file !!!

marcusj0015

@georg, check your "Windows 7 SP1"

the REAL SP1 gets released today on MSDN.

@Thaimin,
that's true, you could have the takeown command in the cmd file that gets deployed, but it's best you have an actual patcher patch the actual files that are already installed.

@Thaimin,

thank you SO much for writing this app, back when i was thinking about it, and trying to get this project off the ground, you came along, and made my dream come true, thanks.

@Thaimin, you said that you were working with businesses like dell, that win7 animation in their commercials, is that your app doing that?

@Joakim
thanks for finding some/all the hacks, you also helped make my dream come true.

marcusj0015

DOUBLE POST!

Admin, please remove

GEORG

Quote: Originally Posted by marcusj0015
@georg, check your "Windows 7 SP1"

the REAL SP1 gets released today on MSDN.
Hi my Windows 7 64 Bit SP1 (6.1.7601.17514) working fine !!! When i starting the older version 0.0.0.9 then see the GUI the new version not ???

marcusj0015

well, the new version takes like 2 minutes to load for me, but i have aero disabled on this installation.

and, no, you probably DO NOT have Windows 7 SP1 RTM.

the version you have is a leaked version, the final version isn't out yet.

the FINAL SP1 comes out today, on technet/MSDN and on 2/22/11 on Windows Update/Microsoft.com

GEORG

Hi marcusj0015, do you have 64-bit???

Here is my PC's Windows:
[Attached image: Bild 1.jpg]

xxrazor

Well i have had many goes at this, and i am unable to get the application to start.

This is the first error
[Attached image: MSVCR100.dll.PNG]

As this is a Visual Basic 2010 file, I have managed to place this file in the correct path, only to get an application error when trying to start the application.

I have tried this in VMware and a normal OS, as well as SP1.

In a nutshell, I cannot get the app to start.

keep up the good work

cheers
xxrazor

marcusj0015

@Georg, i DO have 64 bit, do you?
and that screenshot doesn't mean anything, you have to match the build number with the build number MS releases later today, until then, the LEAKED copy IS NOT confirmed



@XXRAZOR

i had the same problem with that dll

download the C++ 2010 x64 redist HERE: http://www.microsoft.com/downloads/e...F-9350143D5867

C++ 2010 x86 Redist HERE: http://www.microsoft.com/downloads/e...displaylang=en



GEORG

Hi

I have newly installed C++ 2010 x64 and it started. COOOL, I'm so happy, I have a new boot animation!!!
BIG BIG BIG THANKS marcusj0015 + thaimin !!!

thaimin

I didn't realize that the .NET Framework 4 did not come with the Visual Studio 2010 redistributable (3.5 came with the 2008 redistributable, why wouldn't they give you the 2010 redistributable?). I will add the info to my site.

@marcusj
I have been testing with the leaked copies, and they should be quite close since those were the copies released to major manufacturers. Thanks for pointing out the VS 2010 thing. I actually did all my testing with the special .NET 2.0 version, which only requires VS 2008 stuff and can be run on a clean Windows 7 install.

@marcusj
You're welcome! I was waiting for someone to make this program and got fed up. I am glad I met joakim and worked on this because it still wouldn't exist otherwise.

@marcusj
I haven't worked with Dell, but I am working with much smaller companies. What commercial are you talking about?

marcusj0015

i don't know the "name" of the commercial, but i saw a Dell commercial and at the end, they show the Windows boot flag but it's going like twice as fast as the normal boot flag, and it's surrounded by banner ads on the TV, so something special is going on there, it might be a recording and sped up, idk but it's not the normal Win7 boot.



and, to be honest, i thought someone else would make this app too, pretty awesome that i'm in the middle of it though!

xxrazor

@marcusj0015
Thanks mate, that got it going

@thaimin
Mate the app works fine, no problem at all getting the boot to work when changing within the OS

But you did ask about batching files into a new OS; well, i did get an error


Now i only copied the files within the option tab, maybe i have missed something?

Your thoughts?

Thanks again

Cheers
xxrazor

joakim

Quote: Originally Posted by thaimin
If anyone is looking for a good read, look at this: FGA: The Windows NT 6 boot process

I have also found this excellent (if not the best) book to be of good help:
Windows® Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition
But it is a very technical and detailed book though, which may work as a great substitute for sleeping pills for most people.

marcusj0015

@Joakim, have you read the entire book and been interested enough to continue reading the whole thing?

because, i am a nerd, but some things I don't even want to read through, because they're too boring!

Greifi

hi,
i tested Win7BootUpdater and everything worked!
but Win7BootUpdaterCmd crashes on startup

Your thoughts?

Thanks

PS:I'm sorry for my bad english I'm Italian

joakim

Quote: Originally Posted by marcusj0015
@Joakim, have you read the entire book and been interested enough to continue reading the whole thing?

No, I can assure you I haven't read the whole book. But chapter 13, Startup and Shutdown, has definitely been read.

kbronski

@OP: I would love to change my boot logo. However, I haven't the knowledge necessary to do this.

marcusj0015

@kbronski,

have a little respect man, "you haven't the knowledge", you can't download and run a simple program?

@Thaimin,
when you get the final version out the door, you should make a new thread, because this dev thread is apparently attracting and confusing n00bs.
and, is there any way to keep the n00bs out?

@greifi,
did you download the .net 2.0 version of win7bootupdater cli or the .net 4.0 version of win7bootupdater cli

@greifi,
have you downloaded and installed C++ 2010 redist?



Greifi

yes!! .NET 4.0 and C++ 2010 are installed! "Boot updater" works... but "boot updater command line" doesn't work

marcusj0015

Greifi, try THIS version

http://coderforlife.com/projects/win...UpdaterCmd.exe

do you have Windows 7 x86 or windows 7 x64

do you have Windows 7 SP1

Greifi

does not work! after I open the bootupdatercmd.exe reports "the program has stopped working"

marcusj0015

right click, go to properties, click the compatibility tab, check the run as admin box.

then type in CMD into the start menu, click on CMD.exe, drag win7bootupdaterCMD.exe into the cmd.exe window and hit enter.

Greifi

Quote: Originally Posted by marcusj0015
right click, go to properties, click the compatibility tab, check the run as admin box.

then type in CMD into the start menu, click on CMD.exe, drag win7bootupdaterCMD.exe into the cmd.exe window and hit enter.

I did... but I always get this error

marcusj0015

@Greifi, it looks like we're gonna have to talk to Thaimin about this, sorry it will be a little bit of a wait, sorry.

@Greifi, download the x64 version of the cmd app link: http://coderforlife.com/projects/win7boot/x64/Win7BootUpdaterCmd.exe


@Thaimin,
check out Greifi's screenshot, he apparently is using Italian, idk if it's not compatible with Italian or what, because your instructions are displayed in English, I think you should include translated instructions with your app.

but anywho, idk how to help him so, you're the dev, you know more about your app than i do.

Greifi

to ensure that the problem is win7 ITA I can install win7 ENG in virtual machine...

Greifi

I installed windows 7 x64 ENG
I installed .NET 4.0 and C++ redist

.... but the problem remains.

thaimin

@greifi / marcusj
This was a mistake on my part! One stupid line I left out of the command line version. DOH! I have uploaded a new version of the command line that now works.

@kbronski
The first post is quite intense, it's more of a reference if you want to understand how it actually works. I have developed a program that does it all for you, and a bit more!

@marcusj
I would be happy to include translated instructions, however I only know English and some Spanish and German, but not nearly enough to translate my instructions and error messages. If anyone would like to contribute languages I would be grateful! In fact I am planning on making my program able to automatically take up other languages as translations are made.

@joakim
Book purchased!

@xxrazor
Thanks for this input. I think I know what is going wrong, but I will have to get back to you with a solution in a little bit.

Greifi

yeah!

now works correctly!!!
thanks!!!!!



nighthawk507

well i am sort of new around here, i am trying to make a boot animation that is automatically installed in the Windows 7 disk, any ideas?

thaimin

@nighthawk507
That's still not quite possible. I am working on it.

marcusj0015

@Thaimin, use google translate to translate.

it may not be 100% perfect, but a lot better than displaying the error messages in a completely different language

kbronski

Quote: Originally Posted by thaimin
@kbronski
The first post is quite intense, it's more of a reference if you want to understand how it actually works. I have developed a program that does it all for you, and a bit more.

Really? Can I get a download link for that?

joakim

Link to thaimin's application is in the first post (now both at the start and end of it).

DreamsOfAnarchy

i'm new to the forum but have been following this thread and trying out the alphas, and just wanted to say that Alpha 10 works great on my Ultimate x64, great job Thaimin

rockyp

Thanks thaimin
everything works fine.

xxrazor

@thaimin
Thanks mate, i guess the end result is that it works with Boot.wim and install.wim.

Boot.wim the first choice but Install.wim would be really cool

Thanks again
cheers
xxrazor

P.S. i have something else you might be interested in looking at, let's say a half-completed project that needs a good ending.

nighthawk507

i found a way to make boot through a bootskin with the help of WinRAR in the $oem$, but i would prefer it in the setup. it works for now and it works great, can't wait to see what you come up with next

marcusj0015

and what did you do to get the Windows 7 DVD Boot Animation working NightHawk507?



nighthawk507

marcusj0015, i didn't get a DVD animation yet, maybe when a better version comes out i will, but right now i just use the cmd line to add it when it is installed, with the use of WinRAR

marcusj0015

how do you use winrar, to install a custom boot screen?

i don't get what you're saying

nighthawk507

i rar the boot skin and the Win7BootUpdaterCmd.exe and in the comment lines i have it say
;The comment below contains SFX script commands
Text
{
Setup=Win7BootUpdaterCmd boot.bs7
TempMode
Silent=1
Overwrite=1
}
and in autounattend i have it run

marcusj0015

oh, ok i thought you extracted PREPATCHED Files.

kbronski

Quote: Originally Posted by joakim
Link to thaimin's application is in the first post (now both at the start and end of it).

Thanks

kbronski

It gave me a missing file error. :/

thaimin

You need to install Visual C 2010 libraries. There is a link on the page under "Prerequisites".

joakim

@thaimin
I see in your Todo list "Work with Windows 7 Embedded". I still have no time for testing, but cannot see any reason why 7 Embedded shouldn't work. It is still Windows 7, just componentized. As a matter of fact, I usually run 7 Embedded in VMware for all my W*7* testing. And the early tests of mine with your program were in fact performed on a 32-bit 7 Embedded system (RTM).

thaimin

@joakim
That should be removed. It was actually tested recently and worked without incident. Someone reported the problem to me, but it was probably the same issues that 50% of non-embedded people were running into.

@all
On the other hand, I have been working on many little things:
  • Sharing service:
    • I have made a Flash app that can show the preview of a BS7 file (the BS7 file must be slightly modified due to Flash's refusal to load images > 2880x2880, but that modification can be done by a server-side PHP script I have already made). The Flash app has many playback features.
  • Localization:
    • I have made the entire core (where most error and progress messages are made) localized, next is the GUI. If anyone would like to contribute a translation, please tell me! The 10 most popular non-English languages for my website are:
      • German (6518)
      • Russian (6446)
      • Portuguese (3952)
      • Spanish (3940)
      • Italian (2781)
      • French (2185)
      • Chinese (1029)
      • Polish (927)
      • Dutch (894)
      • Hungarian (770)
      Compare the numbers to English at 30377 visitors since mid-September.
  • Installer:
    • I have also been putting some thought into this, although no concrete progress yet
  • Integration with install.wim/boot.wim:
    • Once again, thought but no concrete progress
  • NTOSKRNL changes:
    • These allow you to change position, size, number of frames, and loop back frame of animation
    • However changing NTOSKRNL is much more 'risky'. However, I had the idea that some fancy stuff could be done to patch it in-memory from winload.exe
      • I have done something similar with my expstart program which patches Explorer.exe in memory and doesn't invalidate the Microsoft certificate.
      • This case is definitely more complicated, but it is just an idea

marcusj0015

@thaimin, i forget, are we able to edit the frame rate? a lot of posts across two threads, a lot easier to ask than to try to find it.



thaimin

I believe it is technically possible, I haven't tried any of the NTOSKRNL hacks, joakim and AlexYM have. However, I don't think changing that would be good (at least changing it to a higher value) since it will take much longer to load the image. I also wouldn't recommend making the animation longer or larger for the same reason.

moinmoin

Hello thaimin! We (together with our community at Deskmodder.de) would like to translate this into German. So if this is ok for you, please contact me via pn - thank you.

moinmoin

nighthawk507

well i love alpha 10

thaimin

@nighthawk
Thanks!

@moinmoin
I am now ready to have you start translating! Please see Coder for Life - Project - Windows 7 Boot Updater: Translation for details. There are currently 173 phrases, although about half of them are only one or two words. I may have more for you as I create the installer and boot skin sharing system, although those should be the last two things with any significant amount of text.

When you look at the document, at the moment there is a German column (de-DE), however it is filled entirely with "x". I was using it to make sure my program could actually change language.

Thank you so much for assisting!

djpatch

Hello thaimin! If you agree I can translate in Italian ...

thaimin

@djpatch
That would be great! The information is all online at Coder for Life - Project - Windows 7 Boot Updater: Translation

moinmoin

Ok, thaimin. We are starting the German part.

shaunp

Howdy, I was just hoping someone could give some advice. I'm trying to replace the boot ani. and boot text. This is fine using the Winupdate7 tools. So I have successfully replaced the winload.exe, winload.xxx.mui etc. on the Windows 7 DVD and this works fine.

I am trying to replace the winload(s), bootres.dll etc. in the WIMs so that the first boot (after first reboot) will display the modded boot ani (pic). So far I have discovered that replacing all of the winload.exe, .mui, bootres.dll etc. all works fine until the first reboot (just after completing the first stage of setup), which then displays the old "Windows could not verify digital certificate crap", "error 00000xf <- not right".

Now I gather this is because of the patched or modded bootmgr. So I have also tried to replace this with the patched version (in the install.wim); all goes well in the install until the first reboot, which complains that it can't prepare the drive.

So is there any way to get around replacing the files in the install.wim (and boot.wim) and get this to work? Or should I run a script to run the Winupdate7cmd? I would very much prefer to not have to install VC libs and .NET 4.

thaimin

@shaunp
I am working on this problem. You have given some very detailed information and it will hopefully help me. I plan to have these integrated into the boot.wim / install.wim eventually for my own purposes.

In the meantime, you will need to do it with a script. However, you don't really need .NET 4 and VC 2010 libs. There is a special .NET 2 version which works identically and doesn't require any extra libs. Look under the standard download links.
